Lucene search

144 matches found

Cvelist
added 2025/05/26 6:27 a.m. · 12 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

CVSS 6.3 · EPSS 0.00146
Exploits: 0 · References: 2

Vulnrichment
added 2025/05/26 6:27 a.m. · 6 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

CVSS 6.3 · AI score 6.8 · EPSS 0.00146
Exploits: 0 · References: 2

CVE
added 2025/05/26 6:27 a.m. · 47 views

CVE-2025-41441

CVE-2025-41441 affects Mailform Pro CGI versions prior to 4.3.4. The vulnerability stems from error messages that disclose sensitive information (CWE-209), which may allow a remote unauthenticated attacker to obtain coupon codes in systems that enable the coupon feature. Impact is limited to prod...

CVSS 6.3 · AI score 4.2 · EPSS 0.00146
Exploits: 0 · References: 2 · Affected Software: 1

Japan Vulnerability Notes
added 2025/05/26 5:22 a.m. · 3 views

Mailform Pro CGI generating error messages containing sensitive information

Overview: Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information (CWE-209) - CVE-2025-41441. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

CVSS 9.8 · AI score 6.6 · EPSS 0.01278
Exploits: 1 · References: 5

CNNVD
added 2025/05/26 12:00 a.m. · 1 view

SYNCK GRAPHICA Mailform Pro CGI security vulnerability

SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI versions prior to 4.3.4, which originates from an error message...

CVSS 6.3 · AI score 4.7 · EPSS 0.00146
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/26 12:00 a.m. · 4 views

PT-2025-22903 · Unknown · Mailform Pro Cgi

Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions prior to 4.3.4. Description: The issue allows a remote unauthenticated attacker to obtain coupon codes due to error messages containing sensitive information. This only affects products that use the coupon feature...

CVSS 6.3 · AI score 4.2 · EPSS 0.00146
Exploits: 0 · References: 6

Japan Vulnerability Notes
added 2025/05/26 12:00 a.m. · 32 views

JVN#39546799: Mailform Pro CGI generating error messages containing sensitive information

Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information (CWE-209). CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N, Base Score 6.3. CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, Base Score 3.7...

CVSS 6.3 · AI score 6.8 · EPSS 0.00146
Exploits: 0

RedhatCVE
added 2025/05/23 3:49 a.m. · 4 views

CVE-2023-32610

Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition...

CVSS 7.5 · AI score 7 · EPSS 0.00781
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:32 a.m. · 5 views

CVE-2023-27507

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

CVSS 9.8 · AI score 7.3 · EPSS 0.01855
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:31 a.m. · 4 views

CVE-2023-27397

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...

CVSS 9.8 · AI score 7.3 · EPSS 0.00932
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:43 p.m. · 3 views

CVE-2020-5553

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS 10 · AI score 8.1 · EPSS 0.02142
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:43 p.m. · 3 views

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 · AI score 6.5 · EPSS 0.00313
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 1:34 a.m. · 5 views

CVE-2010-4939

PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter...

CVSS 7.5 · AI score 7.9 · EPSS 0.00608
Exploits: 1 · References: 1

NVD
added 2024/05/03 3:15 a.m. · 11 views

CVE-2023-42040

PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

CVSS 7.8 · AI score 7.9 · EPSS 0.02161
Exploits: 0 · References: 2

OSV
added 2024/05/03 3:15 a.m. · 1 view

CVE-2023-42040

PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

CVSS 7.8 · AI score 6.2
Exploits: 0 · References: 2

CVE
added 2024/05/03 2:12 a.m. · 55 views

CVE-2023-42040

CVE-2023-42040 affects PDF-XChange Editor. The vulnerability is a Use-After-Free in the mailForm method, caused by not validating the existence of an object before performing operations. This can allow an attacker to execute arbitrary code with the current process context. Exploitation requires ...

CVSS 7.8 · AI score 7.9 · EPSS 0.02161
Exploits: 0 · References: 2 · Affected Software: 2

CNNVD
added 2024/05/03 12:00 a.m. · 1 view

PDF-XChange Editor security vulnerability

PDF-XChange Editor is a PDF file viewing software from PDF-XChange, Inc. that runs on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor, which originates from a use-after-free code execution vulnerability in mailForm...

CVSS 7.8 · AI score 7.9 · EPSS 0.02161
Exploits: 0 · References: 3

BDU FSTEC
added 2023/09/25 12:00 a.m. · 1 view

The vulnerability of the mailForm method in the PDF document viewing and editing software PDF-XChange Editor allows a perpetrator to execute arbitrary code.

The vulnerability of the mailForm method in the PDF document viewing and editing software PDF-XChange Editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created file...

CVSS 7.8 · AI score 7.7 · EPSS 0.02161
Exploits: 0 · References: 5 · Affected Software: 1

Zero Day Initiative
added 2023/09/08 12:00 a.m. · 18 views

PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailForm...

CVSS 7.8 · AI score 6.8 · EPSS 0.02161
Exploits: 0 · References: 1

OSV
added 2023/08/25 3:15 a.m. · 2 views

CVE-2023-40599

Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...

CVSS 7.5 · AI score 6.4 · EPSS 0.00883
Exploits: 0 · References: 2