9.8

CVE-2016-9483

EPSS 3.47%
Veröffentlicht 13.07.2018 20:29:01
Zuletzt bearbeitet 21.11.2024 03:01:18
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jqueryform ≫ Php Formmail Generator Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.47%	0.875

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.securityfocus.com/bid/94778

Third Party Advisory

VDB Entry

https://www.kb.cert.org/vuls/id/494015

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-9483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9483

EUVD