PT-2023-27529 · Unknown · Mailform Pro Cgi
Tran Quang Vu
·
Published
2023-08-25
·
Updated
2023-08-31
·
CVE-2023-40599
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mailform Pro CGI versions 4.3.1.3 and earlier
Description
A Regular expression Denial-of-Service (ReDoS) issue exists in multiple add-ons for Mailform Pro CGI, allowing a remote unauthenticated attacker to cause a denial-of-service condition. The affected add-ons include
call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.Recommendations
For Mailform Pro CGI versions 4.3.1.3 and earlier, consider disabling the affected add-ons, specifically
call.js, search.cgi, estimate.js, search.js, suggest.js, and coupon.js, until a patch is available. Restrict access to these add-ons to minimize the risk of exploitation.Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailform Pro Cgi