Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/06/18/1 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/06/10/7 | Mailing List Patch Third Party Advisory |
Configurations
Information
Published : 2017-02-09 07:59
Updated : 2017-02-23 10:20
NVD link : CVE-2016-5726
Mitre link : CVE-2016-5726
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
simplemachines
- simple_machines_forum