Описание
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-5727
- https://github.com/SimpleMachines/SMF2.1/issues/3522
- https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
- http://www.openwall.com/lists/oss-security/2016/06/10/7
- http://www.openwall.com/lists/oss-security/2016/06/18/1
Связанные уязвимости
CVSS3: 8.8
nvd
почти 9 лет назад
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.