Vulnerability Description
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jqueryform | Php Formmail Generator | < 2016-12-06 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94778Third Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/494015Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/94778Third Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/494015Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-9484?
CVE-2016-9484 is a vulnerability with a CVSS score of 7.5 (HIGH). The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. T...
How severe is CVE-2016-9484?
CVE-2016-9484 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9484?
Check the references section above for vendor advisories and patch information. Affected products include: Jqueryform Php Formmail Generator.