CVE-2016-9492 - OpenCVE

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jqueryform	Php Formmail Generator

Configuration 1 [-]

cpe:2.3:a:jqueryform:php_formmail_generator:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96718
https://www.kb.cert.org/vuls/id/608591

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-13T20:00:00

Updated: 2024-08-06T02:50:38.408Z

Reserved: 2016-11-21T00:00:00

Link: CVE-2016-9492

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-13T20:29:01.643

Modified: 2019-10-09T23:20:32.070

Link: CVE-2016-9492

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Generator", "vendor": "PHP FormMail", "versions": [{"lessThan": "17/12/2016", "status": "affected", "version": "17/12/2016", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to Ibram Marzouk for reporting this vulnerability."}], "datePublic": "2017-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-14T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "96718", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96718"}, {"name": "VU#608591", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/608591"}], "source": {"discovery": "UNKNOWN"}, "title": "PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-9492", "STATE": "PUBLIC", "TITLE": "PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Generator", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "17/12/2016", "version_value": "17/12/2016"}]}}]}, "vendor_name": "PHP FormMail"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Ibram Marzouk for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434"}]}]}, "references": {"reference_data": [{"name": "96718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96718"}, {"name": "VU#608591", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/608591"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.408Z"}, "title": "CVE Program Container", "references": [{"name": "96718", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96718"}, {"name": "VU#608591", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/608591"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-9492", "datePublished": "2018-07-13T20:00:00", "dateReserved": "2016-11-21T00:00:00", "dateUpdated": "2024-08-06T02:50:38.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jqueryform:php_formmail_generator:*:*:*:*:*:*:*:*", "matchCriteriaId": "083C5DB4-DAF1-435B-A03B-3B3F43A23A9B", "versionEndExcluding": "2016-12-17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."}, {"lang": "es", "value": "El c\u00f3digo generado por PHP FormMail Generator en versiones anteriores al 17 de diciembre de 2016 es vulnerable a la subida sin restricci\u00f3n de tipos de archivo peligrosos. En el archivo form.lib.php generado, los tipos de archivo de subida se comprueban contra una lista embebida de extensiones peligrosas. Esta lista no incluye todas las variaciones de archivos PHP, lo que puede conducir a la ejecuci\u00f3n del c\u00f3digo PHP contenido si el atacante puede adivinar el nombre de archivo subido. Por defecto, el formulario anexa una cadena aleatoria al fina del nombre de archivo."}], "id": "CVE-2016-9492", "lastModified": "2019-10-09T23:20:32.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-13T20:29:01.643", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96718"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/608591"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "cret@cert.org", "type": "Secondary"}]}