CRITICAL🇬🇧 English

CVE-2016-9482

CVSS 9.8v3.0pub. 2018-07-13upd. 2024-11-21

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jqueryform PHP Formmail Generator

    APP
    Jqueryform
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2016-9483CRITICAL9.8ten sam produkt

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filma...

CVE-2016-9492CRITICAL9.8ten sam produkt

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of...

CVE-2016-9484HIGH7.5ten sam produkt

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauth...

CVE-2016-9493MEDIUM6.1ten sam produkt

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scri...

CVE-2022-24984CRITICAL9.8ten sam vendor

Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauth...