Arbitrary PHP Code Execution via themechanges Array Parameter in Simple Machines Forum (SMF) 2.1
CVE-2016-5726 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
Learn more about our Web Application Penetration Testing UK.