VYPR
Vendor

PHP FormMail Generator

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2016-9492CriJul 13, 2018
    risk 0.64cvss 9.8epss 0.03

    The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include…

  • CVE-2016-9482CriJul 13, 2018
    risk 0.64cvss 9.8epss 0.05

    Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel

  • CVE-2016-9484HigJul 13, 2018
    risk 0.49cvss 7.5epss 0.04

    The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated…

  • CVE-2016-9493MedJul 13, 2018
    risk 0.40cvss 6.1epss 0.02

    The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of…