ГлавнаяУязвимости → CVE-2026-35056
7.2высокая

CVE-2026-35056

Описание

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server.

Затрагиваемое ПО
Xenforo Xenforo
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.vulncheck.com/advisories/xenforo-remote-code-execution-via-authenticated-adminhttps://xenforo.com/community/threads/xenforo-2-3-9-inc-xfmg-2-2-18-released-security-fix.235659/