Browse all 5 CVE security advisories affecting PHP FormMail. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PHP FormMail is a widely used PHP script designed to process HTML forms and send their contents via email. Historically, it has been plagued with multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from insufficient input validation and insecure handling of user-supplied data. The five recorded CVEs highlight persistent security flaws, often allowing attackers to execute arbitrary code, manipulate form submissions, or gain unauthorized access. Despite its popularity, the script's age and simplistic design have made it a frequent target for exploitation, particularly in legacy systems where it remains deployed. Security researchers consistently advise against its use in favor of more secure, modern alternatives.
This page lists every published CVE security advisory associated with PHP FormMail. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.