CVE-2016-9482

EPSS 4.66%
Veröffentlicht 13.07.2018 20:29:01
Zuletzt bearbeitet 21.11.2024 03:01:18
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jqueryform ≫ Php Formmail Generator Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.66%	0.906

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-302 Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

http://www.securityfocus.com/bid/94778

Third Party Advisory

VDB Entry

https://www.kb.cert.org/vuls/id/494015

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-9482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9482

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-9482