PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable.

N/A

对路径名的限制不恰当(路径遍历)

PHP FormMail Generator 路径遍历漏洞

PHP FormMail Generator是一套使用于生成包含在PHP或WordPress网站中的标准Web表单的PHP应用程序。 PHP FormMail Generator中存在安全漏洞，该漏洞源于所生成的PHP表单代码没有正确验证用户提交的文件夹路径。远程攻击者可利用该漏洞访问服务器上任意文件。

N/A

N/A