CVE-2016-5726

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-5726
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5726.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5726
Published
2017-02-09T15:59:01.127Z
Modified
2026-03-15T22:09:01.364269Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

References

Affected packages

Git / github.com/simplemachines/smf

Affected ranges

Type
GIT
Repo
https://github.com/simplemachines/smf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
453cbdbaec8e022bb1a582a145edcc6fc0edac0e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1"
        }
    ]
}

Affected versions

2.*
2.1beta1
v2.*
v2.1-beta.1
v2.1-beta.2
v2.1-beta.3
v2.1-rc.1
v2.1-rc.2
v2.1-rc.3
v2.1-rc.4
v2.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5726.json"