3 matches found
CVE-2016-9493 PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...
CVE-2016-9493
The CVE-2016-9493 issue involves PHP FormMail Generator-generated code prior to 2016-12-17. The form.lib.php file checks upload types against a hard-coded list of dangerous extensions, which does not cover all PHP file variants, allowing possible execution of PHP code if the uploaded filename is ...
PHP FormMail Generator generates code vulnerable to multiple issues
Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The co...