CVE-2016-5727

Source
https://cve.org/CVERecord?id=CVE-2016-5727
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5727.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5727
Published
2017-02-09T15:59:01.160Z
Modified
2026-07-08T12:41:44.901603Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.

References

Affected packages

Git / github.com/simplemachines/smf

Affected ranges

Type
GIT
Repo
https://github.com/simplemachines/smf
Events
Database specific
{
    "cpe": "cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*",
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "2.1"
        },
        {
            "last_affected": "2.1"
        }
    ]
}

Affected versions

2.*
2.1
v2.*
v2.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5727.json"