Primary

Context

Mailform Pro CGI Sensitive Information Disclosure Vulnerability in Coupon Feature

Vulnerability

Patched

A vulnerability exists in Mailform Pro CGI versions prior to 4.3.4, provided by SYNCK GRAPHICA. This issue arises from the generation of error messages that inadvertently disclose sensitive information, specifically coupon codes. The vulnerability is present only in products that utilize the coupon feature.

Impact

Exploitation of this vulnerability allows remote unauthenticated attackers to obtain coupon codes.

Remediation

Users are advised to update Mailform Pro CGI to version 4.3.4 or later. For those using the coupon feature, the updated files can be downloaded from the Mailform Pro download page.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mailform Pro CGI Sensitive Information Disclosure Vulnerability in Coupon Feature

Vulnerability

Impact

Remediation

Affected Products

SYNCK GRAPHICA Mailform Pro CGI

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating