UNKNOWNCVE-2026-35056
XenForo Remote Code Execution via Authenticated Admin
Platform
php
Component
xenforo
Fixed in
2.3.9
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server.
How to fix
Actualice XenForo a la versión 2.3.9 o 2.2.18, o una versión posterior. Esto solucionará la vulnerabilidad de ejecución remota de código para usuarios administradores autenticados.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free