What the vulnerability does
01Description
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
Explanation of Vulnerability in Simple Terms
Form Maker by 10Web versions up to 1.15.38 contain a SQL injection vulnerability in the form processing logic. An attacker can craft malicious input in form fields to execute arbitrary SQL queries against the site's database. This can lead to unauthorized data access and potential site disruption. Update to a version newer than 1.15.38 immediately.
What an attacker can do
Read or modify database contents, including user data and site configuration, without authentication.
Potential impact on your site
Attackers can steal user data, modify form submissions, or disrupt site availability without needing a login.
Conditions required to exploit
Network access to the form; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities