PT-2018-5072 · Php · Php Formmail Generator

Pouya Darabi

Published

2018-07-13

Updated

2019-10-09

CVE-2016-9482

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP FormMail Generator (affected versions not specified)

Description The issue allows a remote unauthenticated user to bypass authentication and access the administrator panel. This can be achieved by navigating directly to the "/admin.php?mod=admin&func=panel" API endpoint.

Recommendations As a temporary workaround, consider disabling access to the /admin.php API endpoint until a patch is available. Restrict access to the administrator panel to minimize the risk of exploitation. Avoid using the mod and func parameters in the affected API endpoint until the issue is resolved.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-302CWE-287

Related Identifiers

CVE-2016-9482

Affected Products

Php Formmail Generator

PT-2018-5072 · Php · Php Formmail Generator

CVE-2016-9482

Weakness Enumeration

Related Identifiers

Affected Products

References · 3