CVE-2016-5727: Code Injection
First published: Thu Feb 09 2017(Updated: )
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple Machines Forum | =2.1 | |
| =2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5727?
CVE-2016-5727 is classified as a high severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2016-5727?
To fix CVE-2016-5727, upgrade to a patched version of Simple Machines Forum that addresses this vulnerability.
What type of attacks can be performed using CVE-2016-5727?
CVE-2016-5727 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code.
Which version of Simple Machines Forum is affected by CVE-2016-5727?
CVE-2016-5727 affects Simple Machines Forum version 2.1.
Can CVE-2016-5727 be exploited without authentication?
Yes, CVE-2016-5727 can be exploited remotely without authentication, making it particularly dangerous.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/simplemachines
- canonical/simple machines forum
- version/simple machines forum/2.1