CVE-2022-26982
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
- Severity Score (CVSS v3.1): 7.2
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits (Multiple Sources): 2
- Exploited in Wild (KEV): -
- Decision (SSVC): -
Descriptions
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.
SimpleMachinesForum versions 2.1.1 and earlier allow remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code, because themes can be modified by an administrator.
SimpleMachinesForum version 2.1.1 suffers from an authenticated remote code execution vulnerability.
*Credits:
N/A
Timeline
- 2022-03-14 CVE Reserved
- 2022-04-05 CVE Published
- 2023-03-25 First Exploit
- 2024-08-03 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/171486/SimpleMachinesForum-2.1.1-Remote-Code-Execution.html | | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/51057 | 2023-03-25 | |
https://github.com/sartlabs/0days/blob/main/SimpleMachinesForum/Exploit.txt | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Simplemachines | Simple Machines Forum | <= 2.1.1 | - | Affected |