EUVD-2016-10288

Malware in sbrugna...

EUVD-2016-10299

Malware in sbrugna...

Authentication flaw

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

CVE-2016-9483 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

CVE-2016-9493 PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

CVE-2016-9484 PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

PHP FormMail Generator Security Bypass Vulnerability

PHP FormMail Generator is a suite of PHP applications for generating standard web forms for inclusion in PHP or WordPress websites. A security bypass vulnerability exists in PHP FormMail Generator. A remote attacker can use this vulnerability to bypass authentication and gain administrator access...