CVE-2023-40599
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-40599 is a remote denial-of-service (DoS) vulnerability affecting multiple add-ons of Mailform Pro CGI 4.3.1.3 and earlier. Specifically, a ReDoS (Regular Expression Denial-of-Service) issue has been identified in call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. An unauthenticated attacker can exploit this vulnerability to trigger a denial-of-service condition, leading to service disruption. The flaw lies in the regular expression processing of the affected add-ons: malicious input can make pattern matching consume substantial computational resources. Users are advised to update their Mailform Pro installations to mitigate this risk.
Affected Products
- Mailform Pro CGI