9.8
CVE-2016-1209
- EPSS 80.58%
- Veröffentlicht 14.05.2016 15:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginNinja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
Mögliche Gegenmaßnahme
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 2.9.42.1, or a newer patched version
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 2.9.42.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
2.9.36-2.9.42
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
2.9.36-2.9.42
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version <= 2.9.42
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 80.58% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.