CVE-2016-5727

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-5727
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5727.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5727
Published
2017-02-09T15:59:01.160Z
Modified
2026-04-10T03:51:54.949379Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

References

Affected packages

Git / github.com/simplemachines/smf

Affected ranges

Type
GIT
Repo
https://github.com/simplemachines/smf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
453cbdbaec8e022bb1a582a145edcc6fc0edac0e
Fixed
19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1"
        }
    ]
}

Affected versions

2.*
2.1beta1
v2.*
v2.1-beta.1
v2.1-beta.2
v2.1-beta.3
v2.1-rc.1
v2.1-rc.2
v2.1-rc.3
v2.1-rc.4
v2.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5727.json"