PHP FormMail Generator vulnerabilities
7 known vulnerabilities affecting php_formmail/generator.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2016-9482 | P2 | CRITICAL | CVSS 9.8 | ≥ 2016-12-06, < 2016-12-06 | 2018-07-13
CVE-2016-9482 [CRITICAL] CWE-302
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel
nvd
CVE-2016-9492 | P3 | CRITICAL | CVSS 9.8 | ≥ 17/12/2016, < 17/12/2016 | 2018-07-13
CVE-2016-9492 [CRITICAL] CWE-434
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained
nvd
CVE-2016-9483 | P3 | CRITICAL | CVSS 9.8 | ≥ 2016-12-06, < 2016-12-06 | 2018-07-13
CVE-2016-9483 [CRITICAL] CWE-502
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code or, together with CVE-2016-9484, to perform local file inclusion attacks and obtain files from the server.
nvd
CVE-2016-9484 | P3 | HIGH | CVSS 7.5 | ≥ 2016-12-06, < 2016-12-06 | 2018-07-13
CVE-2016-9484 [HIGH] CWE-22
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06
nvd
CVE-2019-16144 | P3 | HIGH | ≥ 0, < 0.6.18 | 2021-08-25
CVE-2019-16144 [HIGH] CWE-908 Uninitialized memory use in generator
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
ghsa, osv
CVE-2016-9493 | P4 | MEDIUM | CVSS 6.1 | ≥ 17/12/2016, < 17/12/2016 | 2018-07-13
CVE-2016-9493 [MEDIUM] CWE-80
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the att
nvd
CVE-2020-36471 | P4 | MEDIUM | ≥ 0, < 0.7.0 | 2021-08-25
CVE-2020-36471 [MEDIUM] CWE-362 Data races in generator
The `Generator` type is an iterable which uses a generator function that yields
values. In affected versions of the crate, the provided function yielding values
had no `Send` bounds despite the `Generator` itself implementing `Send`.
The generator function lacking a `Send` bound means that types that are
dangerous to send across threads such as `Rc` could be sent as part of a
generator, potentially leading to data
ghsa, osv