CVE-2016-9484

CVE-2016-9484: PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal

Vendor Php Formmail
Product Generator
Weakness CWE-22 · Path traversal
Published July 13, 2018
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable.

Key dates

02Disclosure timeline

July 13, 2018 CVE published
August 6, 2024 Record updated