CVE-2016-5727

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-5727

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5727.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-5727

Published

2017-02-09T15:59:01.160Z

Modified

2026-05-17T11:54:43.001302017Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

References

http://www.openwall.com/lists/oss-security/2016/06/10/7
http://www.openwall.com/lists/oss-security/2016/06/18/1
https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
https://github.com/SimpleMachines/SMF2.1/issues/3522

CVE-2016-5727

Affected packages