CVE-2016-9493

The CVE-2016-9493 issue involves PHP FormMail Generator-generated code prior to 2016-12-17. The form.lib.php file checks upload types against a hard-coded list of dangerous extensions, which does not cover all PHP file variants, allowing possible execution of PHP code if the uploaded filename is ...

CVE-2016-9484 PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

CVE-2016-9492 PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

CVE-2016-9493 PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

CVE-2016-9483

CVE-2016-9483 involves PHP FormMail Generator-generated PHP form code where phpfmg_filman_download() deserializes untrusted input, enabling a remote, unauthenticated attacker to inject PHP code. The description notes that, combined with CVE-2016-9484, this can lead to local file inclusion attacks...

china-window.com XSS vulnerability

Open Bug Bounty ID: OBB-579564 Description| Value ---|--- Affected Website:| china-window.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

PHP FormMail Generator generates code vulnerable to multiple issues

Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The co...

igup.urfu.ru XSS vulnerability

Vulnerable URL: http://igup.urfu.ru/index.php/board/misc/?action=formmail=28'"--!alert/OPENBUGBOUNTY/...

PHP FormMail Generator Security Bypass Vulnerability (CNVD-2016-12386)

PHP FormMail Generator is a suite of PHP applications for generating standard web forms for inclusion in PHP or WordPress websites. A security bypass vulnerability exists in PHP FormMail Generator. A remote attacker can exploit this vulnerability to inject PHP code or perform unauthorized...

PHP FormMail Generator Security Bypass Vulnerability (CNVD-2016-12387)

PHP FormMail Generator is a suite of PHP applications for generating standard web forms for inclusion in PHP or WordPress websites. A security bypass vulnerability exists in PHP FormMail Generator. The vulnerability stems from the program incorrectly detecting a folder directory entered by the...

PHP FormMail Generator Security Bypass Vulnerability

PHP FormMail Generator is a suite of PHP applications for generating standard web forms for inclusion in PHP or WordPress websites. A security bypass vulnerability exists in PHP FormMail Generator. A remote attacker can use this vulnerability to bypass authentication and gain administrator access...

PHP FormMail Generator generates code with multiple vulnerabilities

Overview PHP FormMail Generator is a single-instance website that generates PHP code for standard web forms for inclusion into PHP or WordPress websites. The generated code is vulnerable to authentication bypass and unsafe deserialization of untrusted data. Description CWE-302: Authentication...

Wordpress pondol-formmail plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. pondol-formmail is one of the e-mail processing plug-ins. A cross-site scripting vulnerability exists in version...

CVE-2016-1000146

Reflected XSS in wordpress plugin pondol-formmail v1.1...

CVE-2016-1000146

Reflected XSS in wordpress plugin pondol-formmail v1.1...

Cross site scripting

Reflected XSS in wordpress plugin pondol-formmail v1.1...

CVE-2016-1000146

Reflected XSS in wordpress plugin pondol-formmail v1.1...

CVE-2016-1000146

CVE-2016-1000146 corresponds to a reflected XSS in WordPress Pondol Form to Mail plugin (= 1.2) or applying vendor patches. In summary, affected product: Pondol Form to Mail WordPress plugin, versions = 1.2 or apply patch.

CVE-2016-1230

Cross-site scripting XSS vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-1230

Cross-site scripting XSS vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...