CVE Vulnerability Details :
CVE-2016-9484
PUBLISHED
Assigner: certcc
Assigner Org ID: 37e5125f-f79b-445b-8fad-9564f167944b
Published At: 13 Jul, 2018 | 20:00
Updated At: 06 Aug, 2024 | 02:50
CVE Numbering Authority (CNA)
PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable.

Affected Products
Vendor: PHP FormMail
Product: Generator
Versions (affected):
  • From 2016-12-06 before 2016-12-06 (custom)
Problem Types
Type | CWE ID | Description
CWE | CWE-22 | CWE-22
Solutions

The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches.

Credits

Thanks to Pouya Darabi for reporting this vulnerability.
References
  • https://www.kb.cert.org/vuls/id/494015 (third-party-advisory, x_refsource_CERT-VN)
  • http://www.securityfocus.com/bid/94778 (vdb-entry, x_refsource_BID)