5 matches found
CVE-2016-9484
The CVE-2016-9484 vulnerability in PHP FormMail Generator arises from generated PHP form code that does not properly validate user-supplied folder directories, enabling a remote unauthenticated attacker to perform path traversal and access arbitrary files on the server. The issue affects PHP form...
CVE-2016-9483
CVE-2016-9483 involves PHP FormMail Generator-generated PHP form code where phpfmg_filman_download() deserializes untrusted input, enabling a remote, unauthenticated attacker to inject PHP code. The description notes that, combined with CVE-2016-9484, this can lead to local file inclusion attacks...
CVE-2016-9482
CVE-2016-9482 affects code generated by PHP FormMail Generator; an unauthenticated remote user can bypass authentication and reach the administrator panel by accessing /admin.php?mod=admin&func=panel. Documents consistently describe an authentication bypass in the code generated by PHP FormMail Generator....
CVE-2016-9493
The CVE-2016-9493 issue involves PHP FormMail Generator-generated code prior to 2016-12-17. The form.lib.php file checks upload types against a hard-coded list of dangerous extensions, which does not cover all PHP file variants, allowing possible execution of PHP code if the uploaded filename is ...
CVE-2016-9492
CVE-2016-9492 concerns PHP FormMail Generator-generated forms prior to 2016-12-17. The vulnerability arises from a hard-coded list of dangerous file extensions in form.lib.php, which does not cover all PHP file variations. This can allow unrestricted upload of dangerous file types and, if the upl...