JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Published: 2023-08-24 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)
Tags: regular expression denial-of-service, redos vulnerability, cwe-1333, cve-2023-40599, cve-2023-32610, mailform pro cgi, denial-of-service, software update, affected products

CVSS v3.1 base score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Privileges Required:    NONE
  User Interaction:       NONE
  Scope:                  UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    HIGH

EPSS: 0.002 (Low), percentile 52.9%

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599).
This vulnerability is a similar issue to CVE-2023-32610, published on JVN on June 20, 2023, and was newly discovered in the several add-ons listed under Products Affected below.
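To make the CWE-1333 class named above concrete, the following Python example is added here; it is not code from SYNCK GRAPHICA or from the advisory, which does not disclose the affected expression. It pairs a constructed pattern whose nested quantifiers backtrack exponentially on rejecting input with an equivalent pattern that runs in linear time, and adds an input-length cap in front of the regex engine. The two patterns, the 256-character limit and the sample inputs are assumptions chosen for illustration.

```python
import re
import time

# Constructed patterns for illustration only (assumption: the advisory does not
# disclose the affected Mailform Pro CGI expression, so this is a generic
# CWE-1333 shape, not the product's code). Both accept words separated by
# single whitespace characters, with an optional trailing whitespace character.
VULNERABLE_PATTERN = re.compile(r"^(\w+\s?)+$")        # nested quantifiers, overlapping choices
HARDENED_PATTERN = re.compile(r"^\w+(?:\s\w+)*\s?$")   # each character has one way to be consumed

# Assumed size limit for a single form field; a hard cap bounds the work even
# for a pattern that is still super-linear.
MAX_FIELD_LEN = 256


def is_word_list(text: str, pattern: re.Pattern = HARDENED_PATTERN,
                 max_len: int = MAX_FIELD_LEN) -> bool:
    """Return True when `text` is a word list within the size limit.

    Oversized input is rejected before the regex engine ever sees it, so the
    cost of a match is bounded regardless of the pattern's worst case.
    """
    if len(text) > max_len:
        return False
    return pattern.fullmatch(text) is not None


def patterns_agree(text: str) -> bool:
    """True when both patterns give the same verdict on a SHORT input.

    Used to show the hardened form is a drop-in replacement, not a looser rule;
    the length guard keeps the vulnerable pattern far below its blow-up range.
    """
    if len(text) > 16:
        raise ValueError("keep comparison inputs short")
    return (VULNERABLE_PATTERN.fullmatch(text) is not None) == \
           (HARDENED_PATTERN.fullmatch(text) is not None)


def time_match(pattern: re.Pattern, text: str) -> float:
    """Seconds spent by one fullmatch call; used only for the demonstration."""
    start = time.perf_counter()
    pattern.fullmatch(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    # A rejecting input of the form "aaaa...a!" forces the vulnerable pattern to
    # try every way of splitting the run of 'a's between repetitions of the
    # group: roughly 2**n steps, so each extra character doubles the time,
    # while the hardened pattern only walks the input once per backtrack of \w+.
    for n in (16, 18, 20, 22):
        bad = "a" * n + "!"
        print(f"n={n:2d}  vulnerable={time_match(VULNERABLE_PATTERN, bad):8.4f}s  "
              f"hardened={time_match(HARDENED_PATTERN, bad):8.6f}s")
```

Running the block prints the growth curve; the doubling per added character is the signature that distinguishes a CWE-1333 pattern from one that is merely slow. The two defences shown are independent: the rewrite removes the exponential case, and the length cap limits damage from any pattern that a later change might reintroduce.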

Impact

A remote attacker may be able to cause a denial-of-service (DoS).

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Products Affected

  • Mailform Pro CGI 4.3.1.3 and earlier
    According to the developer, the product is affected by the vulnerability when the following functions are enabled:
      • call/call.js
      • prefcodeadv/search.cgi
      • estimate/estimate.js
      • search/search.js
      • suggest/suggest.js
      • coupon/coupon.js
