Arbitrary PHP Code Execution via themechanges Array Parameter in Simple Machines Forum (SMF) 2.1

Arbitrary PHP Code Execution via themechanges Array Parameter in Simple Machines Forum (SMF) 2.1

CVE-2016-5726 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.

Learn more about our Web Application Penetration Testing UK.