CVE-2016-5727
Description
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
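The bug class the description names, PHP object injection, arises when attacker-controlled bytes reach unserialize() while the application autoloads a class whose magic method (__wakeup, __destruct, __toString) acts on its own properties. The snippet below is an added illustration of that class of bug beside the usual hardening; it is not SMF's code, does not reproduce the LogInOut.php flaw or its fix, and the TemplateCache class, the restoreState* function names and the temp-file target are assumptions made for the demo.

```php
<?php
// Added illustration of PHP object injection, not code from SMF or from the
// LogInOut.php fix. TemplateCache is a hypothetical gadget class; a real
// application's gadgets are whatever autoloaded classes touch their own
// properties in __wakeup, __destruct or __toString.
declare(strict_types=1);

class TemplateCache
{
    public $path;
    public $contents;

    // Fires when the object is freed, which happens right after unserialize()
    // built it and the caller dropped it. Both properties come from the payload.
    public function __destruct()
    {
        if (is_string($this->path) && $this->path !== '') {
            file_put_contents($this->path, (string) $this->contents);
        }
    }
}

// Vulnerable pattern: user-supplied data goes straight into unserialize(),
// which instantiates any class named in the payload.
function restoreStateVulnerable(string $raw): array
{
    $state = unserialize($raw);
    return is_array($state) ? $state : [];
}

// Hardened (PHP >= 7.0): forbid object instantiation. Any class in the payload
// comes back as __PHP_Incomplete_Class, which has no magic methods, so the
// gadget never runs; treat its presence as a tampering signal.
function restoreStateHardened(string $raw): array
{
    $state = unserialize($raw, ['allowed_classes' => false]);
    if ($state instanceof __PHP_Incomplete_Class) {
        error_log('rejected serialized object in user-supplied state');
        return [];
    }
    return is_array($state) ? $state : [];
}

// Preferable for plain key/value state: JSON cannot express objects with
// behaviour at all, so there is nothing to gadget-chain.
function restoreStateJson(string $raw): array
{
    $state = json_decode($raw, true);
    return is_array($state) ? $state : [];
}

// Constructed payload: a serialized TemplateCache aimed at a temp file. In a
// real attack the path would be a web-reachable .php file and the contents
// PHP code. Lengths are computed so the serialized form stays well-formed.
$marker   = sys_get_temp_dir() . '/object_injection_demo.txt';
$contents = 'written by TemplateCache::__destruct';
$payload  = sprintf(
    'O:13:"TemplateCache":2:{s:4:"path";s:%d:"%s";s:8:"contents";s:%d:"%s";}',
    strlen($marker), $marker, strlen($contents), $contents
);

foreach (['restoreStateVulnerable', 'restoreStateHardened'] as $fn) {
    @unlink($marker);
    $fn($payload);
    printf("%-23s %s\n", $fn . ':',
        file_exists($marker) ? 'gadget ran, file written' : 'nothing written');
}
@unlink($marker);
```

Run with `php demo.php`: the vulnerable path writes the marker file because the destructor of the injected object fires as soon as the function drops it, while the hardened path writes nothing. The demo only shows the unserialize() sink; how SMF derived the affected variables from request data is in the linked upstream commit, which this page does not reproduce.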
Mitigations
Apply the upstream commit in the SMF2.1 repository; the CVE source (cve@mitre.org) lists the commit, the tracking issue and the two oss-security disclosure posts:
- Upstream commit: https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
- Tracking issue: https://github.com/SimpleMachines/SMF2.1/issues/3522
- Disclosure (oss-security): http://www.openwall.com/lists/oss-security/2016/06/10/7
- Follow-up (oss-security): http://www.openwall.com/lists/oss-security/2016/06/18/1
Application impact
| Vendor | Product | Affected versions | Fixed version |
|---|---|---|---|
| simplemachines | simple_machines_forum | 2.1 | |
References
- http://www.openwall.com/lists/oss-security/2016/06/10/7
- http://www.openwall.com/lists/oss-security/2016/06/18/1
- https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c
- https://github.com/SimpleMachines/SMF2.1/issues/3522
CWEs
CWE-94: Improper Control of Generation of Code ('Code Injection')