Vulnerability Details : CVE-2023-32610
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
Vulnerability category: Denial of service
Products affected by CVE-2023-32610
- cpe:2.3:a:synck:mailform_pro_cgi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32610
- 0.53%: Probability of exploitation activity in the next 30 days
- ~66%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32610
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-32610
- The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-32610
- https://jvn.jp/en/jp/JVN70502982/index.html
  JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS) (Third Party Advisory)
- https://www.synck.com/blogs/news/newsroom/detail_1686638620.html
  About the denial-of-service (DoS) vulnerability in Mailform Pro (Information) | SYNCK GRAPHICA, Sapporo web production (Product)
- https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html
  Automatic address entry from postal code / Mailform Pro CGI | SYNCK GRAPHICA, Sapporo web production (Product)