CVE-2024-6936

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271991. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:formtools:form_tools:3.1.1:*:*:*:*:*:*:*

History

01 Oct 2024, 20:37

Type Values Removed Values Added
CVSS v2 : 3.3
v3 : 2.7
v2 : 3.3
v3 : 4.9
First Time Formtools
Formtools form Tools
References () https://github.com/DeepMountains/Mirage/blob/main/CVE2-2.md - () https://github.com/DeepMountains/Mirage/blob/main/CVE2-2.md - Broken Link
References () https://vuldb.com/?ctiid.271991 - () https://vuldb.com/?ctiid.271991 - Permissions Required
References () https://vuldb.com/?id.271991 - () https://vuldb.com/?id.271991 - Third Party Advisory
References () https://vuldb.com/?submit.372318 - () https://vuldb.com/?submit.372318 - Third Party Advisory
CPE cpe:2.3:a:formtools:form_tools:3.1.1:*:*:*:*:*:*:*

22 Jul 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en formtools.org Form Tools 3.1.1 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /admin/settings/index.php?page=accounts del componente Setting Handler. La manipulación del argumento Page Theme conduce a la inyección de código. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-271991. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.

21 Jul 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-21 04:15

Updated : 2024-10-01 20:37


NVD link : CVE-2024-6936

Mitre link : CVE-2024-6936

CVE.ORG link : CVE-2024-6936


JSON object : View

Products Affected

formtools

  • form_tools
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')