CVE-2016-9492
PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 3.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
13 jul 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename.
Produtos afetados
PHP FormMail · GeneratorQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →