Описание
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:joe_lumbroso_acks:formmail.php:2.0:*:*:*:*:*:*:*
cpe:2.3:a:joe_lumbroso_acks:formmail.php:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00674
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
EPSS
Процентиль: 71%
0.00674
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other