cvedb.io
CVE-2016-9483
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-13T20:29:01.330 · Last modified 2026-06-17T00:56:08.977

Summary

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.

Affected products

jqueryform — php_formmail_generator

Does this affect you?

Add your gear to cvedb and we'll alert you only when jqueryform ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.