All the vulnerabilities related to SYNCK GRAPHICA - Mailform Pro CGI
cve-2023-32610
Vulnerability from cvelistv5
Published
2023-06-29 00:57
Modified
2024-08-02 15:25
Severity ?
Summary
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:35.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synck.com/blogs/news/newsroom/detail_1686638620.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN70502982/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mailform Pro CGI",
          "vendor": "SYNCK GRAPHICA",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.1.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:57:08.509Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.synck.com/blogs/news/newsroom/detail_1686638620.html"
        },
        {
          "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN70502982/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-32610",
    "datePublished": "2023-06-29T00:57:08.509Z",
    "dateReserved": "2023-05-11T04:09:38.946Z",
    "dateUpdated": "2024-08-02T15:25:35.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40599
Vulnerability from cvelistv5
Published
2023-08-25 02:18
Modified
2024-10-02 17:42
Severity ?
Summary
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN86484824/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T17:42:10.363109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T17:42:18.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mailform Pro CGI",
          "vendor": "SYNCK GRAPHICA",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.1.3 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Regular expression Denial-of-Service (ReDoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-25T02:18:19.849Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN86484824/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-40599",
    "datePublished": "2023-08-25T02:18:19.849Z",
    "dateReserved": "2023-08-17T08:04:36.758Z",
    "dateUpdated": "2024-10-02T17:42:18.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38400
Vulnerability from cvelistv5
Published
2022-09-08 07:10
Modified
2024-08-03 10:54
Severity ?
Summary
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:54:03.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mailform Pro CGI",
          "vendor": "SYNCK GRAPHICA",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.1 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-08T07:10:47",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-38400",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mailform Pro CGI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.3.1 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SYNCK GRAPHICA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html",
              "refsource": "MISC",
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
            },
            {
              "name": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html",
              "refsource": "MISC",
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
            },
            {
              "name": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html",
              "refsource": "MISC",
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN34205166/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-38400",
    "datePublished": "2022-09-08T07:10:47",
    "dateReserved": "2022-08-30T00:00:00",
    "dateUpdated": "2024-08-03T10:54:03.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2023-000064
Vulnerability from jvndb
Published
2023-06-20 14:48
Modified
2024-04-26 18:03
Severity ?
Summary
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Details
Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333). Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000064.html",
  "dc:date": "2024-04-26T18:03+09:00",
  "dcterms:issued": "2023-06-20T14:48+09:00",
  "dcterms:modified": "2024-04-26T18:03+09:00",
  "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333).\r\n\r\nTran Quang Vu of FPT Software reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000064.html",
  "sec:cpe": {
    "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
    "@product": "Mailform Pro CGI",
    "@vendor": "SYNCK GRAPHICA",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "3.7",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000064",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN70502982/index.html",
      "@id": "JVN#70502982",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32610",
      "@id": "CVE-2023-32610",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32610",
      "@id": "CVE-2023-32610",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)"
}

jvndb-2015-000026
Vulnerability from jvndb
Published
2015-02-25 15:00
Modified
2015-03-02 14:23
Severity ?
Summary
SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Details
Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in arbitrary code execution. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000026.html",
  "dc:date": "2015-03-02T14:23+09:00",
  "dcterms:issued": "2015-02-25T15:00+09:00",
  "dcterms:modified": "2015-03-02T14:23+09:00",
  "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000026.html",
  "sec:cpe": {
    "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
    "@product": "Mailform Pro CGI",
    "@vendor": "SYNCK GRAPHICA",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000026",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN30135729/index.html",
      "@id": "JVN#30135729",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0883",
      "@id": "CVE-2015-0883",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0883",
      "@id": "CVE-2015-0883",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution"
}

jvndb-2023-000087
Vulnerability from jvndb
Published
2023-08-24 14:12
Modified
2024-05-15 17:12
Severity ?
Summary
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Details
Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599). This vulnerability is similar to CVE-2023-32610, published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000087.html",
  "dc:date": "2024-05-15T17:12+09:00",
  "dcterms:issued": "2023-08-24T14:12+09:00",
  "dcterms:modified": "2024-05-15T17:12+09:00",
  "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599).\r\nThis vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above.\r\n\r\nTran Quang Vu of FPT Software reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000087.html",
  "sec:cpe": {
    "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
    "@product": "Mailform Pro CGI",
    "@vendor": "SYNCK GRAPHICA",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "3.7",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000087",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN86484824/index.html",
      "@id": "JVN#86484824",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/jp/JVN70502982/",
      "@id": "JVN#70502982",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40599",
      "@id": "CVE-2023-40599",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40599",
      "@id": "CVE-2023-40599",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)"
}

jvndb-2022-000068
Vulnerability from jvndb
Published
2022-09-05 15:22
Modified
2024-06-13 16:00
Severity ?
Summary
SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
Details
Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200). The Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in the configs/thanks.cgi file. To exploit this vulnerability, an attacker is required to access the affected product within 30 seconds. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000068.html",
  "dc:date": "2024-06-13T16:00+09:00",
  "dcterms:issued": "2022-09-05T15:22+09:00",
  "dcterms:modified": "2024-06-13T16:00+09:00",
  "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200).\r\n\r\nThanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is requireid for an attacker to access the affected product within in 30 seconds.\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000068.html",
  "sec:cpe": {
    "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
    "@product": "Mailform Pro CGI",
    "@vendor": "SYNCK GRAPHICA",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.1",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000068",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN34205166/index.html",
      "@id": "JVN#34205166",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-38400",
      "@id": "CVE-2022-38400",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-38400",
      "@id": "CVE-2022-38400",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure"
}