CVE-2016-1209

Exploit

EPSS 61.61%
Veröffentlicht 14.05.2016 15:59:03
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload

Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.

Mögliche Gegenmaßnahme

Ninja Forms – The Contact Form Builder That Grows With You: Update to version 2.9.42.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version <= 2.9.42

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Ninja Forms – The Contact Form Builder That Grows With You

Version 2.9.36-2.9.42

SystemWordPress Plugin

≫

Produkt Ninja Forms – The Contact Form Builder That Grows With You

Version 2.9.36-2.9.42

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	61.61%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://wordpress.org/plugins/ninja-forms/changelog/

http://jvn.jp/en/jp/JVN44657371/index.html

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000064

Vendor Advisory

http://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.html

Exploit

http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities

http://www.rapid7.com/db/modules/exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

Exploit

https://ninjaforms.com/important-security-update-always-hurt-ones-love/

https://wpvulndb.com/vulnerabilities/8485

https://www.wordfence.com/threat-intel/vulnerabilities/id/0f36a924-6a68-40ff-bf1a-9ebcad1c2fc6

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/e9f73654-2e5a-4762-8cac-613e24d3216a

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1209

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-1209