PT-2018-5073 · Php · Php Formmail Generator

Pouya Darabi

Published

2018-07-13

Updated

2019-10-09

CVE-2016-9483

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP FormMail Generator (affected versions not specified)

Description The issue allows a remote unauthenticated attacker to inject PHP code by exploiting the deserialization of untrusted input in the phpfmg filman download() function. This could also be used for local file inclusion attacks to obtain files from the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2016-9483

Affected Products

Php Formmail Generator

PT-2018-5073 · Php · Php Formmail Generator

CVE-2016-9483

Weakness Enumeration

Related Identifiers

Affected Products

References · 3