CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

CVE-2016-9492 PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

CVE-2016-9492

CVE-2016-9492 concerns PHP FormMail Generator-generated forms prior to 2016-12-17. The vulnerability arises from a hard-coded list of dangerous file extensions in form.lib.php, which does not cover all PHP file variations. This can allow unrestricted upload of dangerous file types and, if the upl...

PHP FormMail Generator generates code vulnerable to multiple issues

Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The co...