CVE-2022-26982

moderate-risk

Published 2022-04-05

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.

Do I need to act?

8.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

51057

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (1)

Simple Machines Forum

Affected Vendors

Simplemachines

References (4)

http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Cod...

Exploit https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt

http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Cod...

Exploit https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 17/34 · Moderate

Exposure 5/34 · Minimal