The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJqueryform PHP Formmail Generator
APPJqueryformwszystkie wersje
Related vulnerabilities
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in t...
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of...
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauth...
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scri...
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauth...