CVE-2016-9482— PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-9482
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用假设不可变数据进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP FormMail Generator 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHP FormMail Generator是一套使用于生成包含在PHP或WordPress网站中的标准Web表单的PHP应用程序。 PHP FormMail Generator中所生成的代码存在授权问题漏洞。远程攻击者可利用该漏洞绕过身份验证,访问管理员面板。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| PHP FormMail | Generator | 2016-12-06 ~ 2016-12-06 | - |
II. Public POCs for CVE-2016-9482
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-9482
请登录查看更多情报信息。
Same Patch Batch · PHP FormMail · 2018-07-13 · 5 CVEs total
| CVE-2016-9483 | PHP FormMail Generator generates PHP code for standard web forms, and the code generated i | |
| CVE-2016-9484 | PHP FormMail Generator generates PHP code for standard web forms, and the code generated d | |
| CVE-2016-9492 | PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload | |
| CVE-2016-9493 | PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site s |
IV. Related Vulnerabilities
Same product: Generator
Same vendor: PHP FormMail
Same weakness: CWE-302
- CVE-2026-28510
elabftw allows MFA bypass during login - CVE-2026-27840
ZITADEL's truncated opaque tokens are still valid - CVE-2024-45370
Socomec Easy Config System 安全漏洞 - CVE-2025-47158
Azure DevOps Server Elevation of Privilege Vulnerability - CVE-2025-20285
Cisco Identity Services Engine IP Filter Access Restriction
V. Comments for CVE-2016-9482
No comments yet