CVE-2016-9482 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass

2018-07-1320:00:00

CWE-302

certcc

www.cve.org

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel

CNA Affected

[
  {
    "product": "Generator",
    "vendor": "PHP FormMail",
    "versions": [
      {
        "lessThan": "2016-12-06",
        "status": "affected",
        "version": "2016-12-06",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94778

www.kb.cert.org/vuls/id/494015