CVE-2016-9483

CVE-2016-9483: PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

Vendor Php Formmail
Product Generator
Weakness CWE-502 · Unsafe deserialization
Published July 13, 2018
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.

Key dates

02Disclosure timeline

July 13, 2018 CVE published
August 6, 2024 Record updated