CVE-2016-9484

Name of the Vulnerable Software and Affected Versions PHP FormMail Generator (affected versions not specified)

Description The issue arises from inadequate validation of user input folder directories in the generated PHP form code. This allows a remote unauthenticated attacker to perform a path traversal, enabling access to arbitrary files on the server. It is estimated that any PHP form code generated by the PHP FormMail Generator website prior to 2016-12-06 may be affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.