CVE-2016-9493 - OpenCVE

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jqueryform	Php Formmail Generator

Configuration 1 [-]

cpe:2.3:a:jqueryform:php_formmail_generator:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96718
https://www.kb.cert.org/vuls/id/608591

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-13T20:00:00

Updated: 2024-08-06T02:50:38.435Z

Reserved: 2016-11-21T00:00:00

Link: CVE-2016-9493

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-13T20:29:01.690

Modified: 2019-10-09T23:20:32.193

Link: CVE-2016-9493

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Generator", "vendor": "PHP FormMail", "versions": [{"lessThan": "17/12/2016", "status": "affected", "version": "17/12/2016", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to Ibram Marzouk for reporting this vulnerability."}], "datePublic": "2017-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-14T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "96718", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96718"}, {"name": "VU#608591", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/608591"}], "source": {"discovery": "UNKNOWN"}, "title": "PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-9493", "STATE": "PUBLIC", "TITLE": "PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Generator", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "17/12/2016", "version_value": "17/12/2016"}]}}]}, "vendor_name": "PHP FormMail"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Ibram Marzouk for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-80"}]}]}, "references": {"reference_data": [{"name": "96718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96718"}, {"name": "VU#608591", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/608591"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.435Z"}, "title": "CVE Program Container", "references": [{"name": "96718", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96718"}, {"name": "VU#608591", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/608591"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-9493", "datePublished": "2018-07-13T20:00:00", "dateReserved": "2016-11-21T00:00:00", "dateUpdated": "2024-08-06T02:50:38.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jqueryform:php_formmail_generator:*:*:*:*:*:*:*:*", "matchCriteriaId": "083C5DB4-DAF1-435B-A03B-3B3F43A23A9B", "versionEndExcluding": "2016-12-17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."}, {"lang": "es", "value": "El c\u00f3digo generado por PHP FormMail Generator en versiones anteriores al 17 de diciembre de 2016 es vulnerable a Cross-Site Scripting (XSS) persistente. En el archivo form.lib.php generado, los tipos de archivo de subida se comprueban contra una lista embebida de extensiones peligrosas. Esta lista no incluye todas las variaciones de archivos PHP, lo que puede conducir a la ejecuci\u00f3n del c\u00f3digo PHP contenido si el atacante puede adivinar el nombre de archivo subido. Por defecto, el formulario anexa una cadena aleatoria al fina del nombre de archivo."}], "id": "CVE-2016-9493", "lastModified": "2019-10-09T23:20:32.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-13T20:29:01.690", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96718"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/608591"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-80"}], "source": "cret@cert.org", "type": "Secondary"}]}