Detections
Analytics

CVE-2016-5726

critical

Description

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

References

http://www.openwall.com/lists/oss-security/2016/06/18/1

http://www.openwall.com/lists/oss-security/2016/06/10/7

Details

Source: Mitre, NVD

Published: 2017-02-09

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00839