PT-2018-5073 · Php · Php Formmail Generator

Pouya Darabi

Publicado

2018-07-13

Atualizado

2019-10-09

CVE-2016-9483

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP FormMail Generator (affected versions not specified)

Description The issue allows a remote unauthenticated attacker to inject PHP code by exploiting the deserialization of untrusted input in the phpfmg filman download() function. This could also be used for local file inclusion attacks to obtain files from the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2016-9483

Produtos afetados

Php Formmail Generator

PT-2018-5073 · Php · Php Formmail Generator

CVE-2016-9483

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3