Overview
PHP FormMail Generator is a single-instance website that generates PHP code for standard web forms for inclusion into PHP or WordPress websites. The generated code is vulnerable to authentication bypass and unsafe deserialization of untrusted data.
Description
CWE-302: Authentication Bypass by Assumed-Immutable Data - CVE-2016-9482
A remote unauthenticated user may bypass authentication to access the administrator panel by navigating directly to:
Impact
An unauthenticated remote user may be able to gain access to the form's administrator panel, or obtain files from the server.
Solution
Regenerate your PHP form code
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
PHP FormMail Generator | Affected | 29 Nov 2016 | 08 Dec 2016 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 10.0 | E:ND/RL:ND/RC:ND |
Environmental | 7.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://www.formmail-maker.com/generator.php
- http://cwe.mitre.org/data/definitions/22.html
- http://cwe.mitre.org/data/definitions/302.html
- http://cwe.mitre.org/data/definitions/502.html