Japan Vulnerability Notes (jvn), JVN:30135729
Feb 25, 2015 - 12:00 a.m.

JVN#30135729: SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution

2015-02-25 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.026 (Percentile: 90.4%)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in arbitrary code execution.

Impact

Arbitrary code may be executed on the server.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Apply a workaround
The following workaround may mitigate the effects of this vulnerability.

  • Disable MailAuth module

Products Affected

  • Mailform Pro CGI 4.1.4 to 4.1.5
    According to the developer, Mailform Pro CGI is affected when MailAuth module is enabled.
