QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-9483

Back to search

CVE-2016-9483

Published: Jul 13, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.

VendorProductVersions

PHP FormMail

Generator

affected
2016-12-06 - < 2016-12-06

Weaknesses (CWE)

CWE-502

References

VU#494015
third-party-advisory
x_refsource_CERT-VN
94778
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now