
    17 vulnerabilities by SYNCK GRAPHICA

    CVE-2025-43881 (GCVE-0-2025-43881)

    Vulnerability from nvd – Published: 2025-07-23 04:38 – Updated: 2025-07-23 15:14
    Summary
    Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper validation of specified quantity in input
    Assigner
    Impacted products
    Vendor | Product | Version
    SYNCK GRAPHICA | Real-time Bus Tracking System | Affected: versions prior to 1.1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-23T14:22:03.531392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-23T15:14:12.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Real-time Bus Tracking System",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "Improper validation of specified quantity in input",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-23T04:38:35.253Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/downloads/cgi-perl/buslocationsystem/index.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN21177718/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-43881",
        "datePublished": "2025-07-23T04:38:35.253Z",
        "dateReserved": "2025-07-16T04:42:11.274Z",
        "dateUpdated": "2025-07-23T15:14:12.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41441 (GCVE-0-2025-41441)

    Vulnerability from nvd – Published: 2025-05-26 06:27 – Updated: 2025-05-27 13:38
    Summary
    Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of error message containing sensitive information
    Assigner
    Impacted products
    Vendor | Product | Version
    SYNCK GRAPHICA | Mailform Pro CGI | Affected: prior to 4.3.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41441",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T13:36:59.610956Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T13:38:28.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 4.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "Generation of error message containing sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-26T06:27:12.284Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1745302910.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN39546799/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-41441",
        "datePublished": "2025-05-26T06:27:12.284Z",
        "dateReserved": "2025-05-21T06:48:52.882Z",
        "dateUpdated": "2025-05-27T13:38:28.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40599 (GCVE-0-2023-40599)

    Vulnerability from nvd – Published: 2023-08-25 02:18 – Updated: 2024-10-02 17:42
    Summary
    Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Regular expression Denial-of-Service (ReDoS)
    Assigner
    Impacted products
    Vendor | Product | Version
    SYNCK GRAPHICA | Mailform Pro CGI | Affected: 4.3.1.3 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:50.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86484824/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:42:10.363109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:42:18.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1.3 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regular expression Denial-of-Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T02:18:19.849Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN86484824/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-40599",
        "datePublished": "2023-08-25T02:18:19.849Z",
        "dateReserved": "2023-08-17T08:04:36.758Z",
        "dateUpdated": "2024-10-02T17:42:18.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32610 (GCVE-0-2023-32610)

    Vulnerability from nvd – Published: 2023-06-29 00:57 – Updated: 2024-11-26 20:21
    Summary
    Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial-of-service (DoS)
    Assigner
    Impacted products
    Vendor | Product | Version
    SYNCK GRAPHICA | Mailform Pro CGI | Affected: 4.3.1.2 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:35.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synck.com/blogs/news/newsroom/detail_1686638620.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN70502982/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T20:21:30.758630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T20:21:40.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:57:08.509Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1686638620.html"
            },
            {
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN70502982/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32610",
        "datePublished": "2023-06-29T00:57:08.509Z",
        "dateReserved": "2023-05-11T04:09:38.946Z",
        "dateUpdated": "2024-11-26T20:21:40.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38400 (GCVE-0-2022-38400)

    Vulnerability from nvd – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:54
    Summary
    Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL.
    Severity
    No CVSS data available.
    CWE
    • Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor | Product | Version
    SYNCK GRAPHICA | Mailform Pro CGI | Affected: 4.3.1 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-08T07:10:47.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-38400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mailform Pro CGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SYNCK GRAPHICA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html",
                  "refsource": "MISC",
                  "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
                },
                {
                  "name": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html",
                  "refsource": "MISC",
                  "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
                },
                {
                  "name": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html",
                  "refsource": "MISC",
                  "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN34205166/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-38400",
        "datePublished": "2022-09-08T07:10:47.000Z",
        "dateReserved": "2022-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:54:03.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000051

    Vulnerability from jvndb - Published: 2025-07-23 13:54 - Updated: 2025-07-23 13:54
    Severity
    Summary
    Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
    Details
    Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability.
    • Improper validation of specified quantity in input (CWE-1284) - CVE-2025-43881
    n3ddih reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000051.html",
      "dc:date": "2025-07-23T13:54+09:00",
      "dcterms:issued": "2025-07-23T13:54+09:00",
      "dcterms:modified": "2025-07-23T13:54+09:00",
      "description": "Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eImproper validation of specified quantity in input (CWE-1284) - CVE-2025-43881\u003c/li\u003e\u003c/ul\u003e\r\nn3ddih reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000051.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:bus_location_system",
        "@product": "Bus Location System",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000051",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN21177718/index.html",
          "@id": "JVN#21177718",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-43881",
          "@id": "CVE-2025-43881",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input"
    }

    JVNDB-2025-000032

    Vulnerability from jvndb - Published: 2025-05-26 14:22 - Updated: 2025-05-26 14:22
    Severity
    Summary
    Mailform Pro CGI generating error messages containing sensitive information
    Details
    Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below.
    • Generation of error message containing sensitive information (CWE-209) - CVE-2025-41441
    Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000032.html",
      "dc:date": "2025-05-26T14:22+09:00",
      "dcterms:issued": "2025-05-26T14:22+09:00",
      "dcterms:modified": "2025-05-26T14:22+09:00",
      "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below.\r\n\u003cul\u003e\u003cli\u003eGeneration of error message containing sensitive information (CWE-209) -  CVE-2025-41441\u003c/li\u003e\u003c/ul\u003e\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000032.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
        "@product": "Mailform Pro CGI",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "3.7",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000032",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN39546799/index.html",
          "@id": "JVN#39546799",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-41441",
          "@id": "CVE-2025-41441",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2025-4141",
          "@id": "CVE-2025-41441",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Mailform Pro CGI generating error messages containing sensitive information"
    }

    JVNDB-2023-000087

    Vulnerability from jvndb - Published: 2023-08-24 14:12 - Updated: 2024-05-15 17:12
    Severity
    Summary
    SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
    Details
    Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599). This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000087.html",
      "dc:date": "2024-05-15T17:12+09:00",
      "dcterms:issued": "2023-08-24T14:12+09:00",
      "dcterms:modified": "2024-05-15T17:12+09:00",
      "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599).\r\nThis vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above.\r\n\r\nTran Quang Vu of FPT Software reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000087.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
        "@product": "Mailform Pro CGI",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "3.7",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000087",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN86484824/index.html",
          "@id": "JVN#86484824",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/jp/JVN70502982/",
          "@id": "JVN#70502982",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40599",
          "@id": "CVE-2023-40599",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40599",
          "@id": "CVE-2023-40599",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)"
    }

    JVNDB-2023-000064

    Vulnerability from jvndb - Published: 2023-06-20 14:48 - Updated: 2024-04-26 18:03
    Severity
    Summary
    SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
    Details
    Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333). Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000064.html",
      "dc:date": "2024-04-26T18:03+09:00",
      "dcterms:issued": "2023-06-20T14:48+09:00",
      "dcterms:modified": "2024-04-26T18:03+09:00",
      "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333).\r\n\r\nTran Quang Vu of FPT Software reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000064.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
        "@product": "Mailform Pro CGI",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "3.7",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000064",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN70502982/index.html",
          "@id": "JVN#70502982",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32610",
          "@id": "CVE-2023-32610",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32610",
          "@id": "CVE-2023-32610",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)"
    }

    JVNDB-2022-000068

    Vulnerability from jvndb - Published: 2022-09-05 15:22 - Updated: 2024-06-13 16:00
    Severity
    Summary
    SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
    Details
    Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200). The Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in the configs/thanks.cgi file. To exploit this vulnerability, an attacker must access the affected product within 30 seconds. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000068.html",
      "dc:date": "2024-06-13T16:00+09:00",
      "dcterms:issued": "2022-09-05T15:22+09:00",
      "dcterms:modified": "2024-06-13T16:00+09:00",
      "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200).\r\n\r\nThanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is requireid for an attacker to access the affected product within in 30 seconds.\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000068.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
        "@product": "Mailform Pro CGI",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.1",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000068",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN34205166/index.html",
          "@id": "JVN#34205166",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-38400",
          "@id": "CVE-2022-38400",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-38400",
          "@id": "CVE-2022-38400",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure"
    }

    JVNDB-2015-000026

    Vulnerability from jvndb - Published: 2015-02-25 15:00 - Updated: 2015-03-02 14:23
    Severity
    N/A (UNKNOWN) - -
    Summary
    SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
    Details
    Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in arbitrary code execution. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000026.html",
      "dc:date": "2015-03-02T14:23+09:00",
      "dcterms:issued": "2015-02-25T15:00+09:00",
      "dcterms:modified": "2015-03-02T14:23+09:00",
      "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000026.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
        "@product": "Mailform Pro CGI",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000026",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN30135729/index.html",
          "@id": "JVN#30135729",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0883",
          "@id": "CVE-2015-0883",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0883",
          "@id": "CVE-2015-0883",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        }
      ],
      "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution"
    }

    JVNDB-2015-000006

    Vulnerability from jvndb - Published: 2015-01-19 13:54 - Updated: 2015-02-13 15:09
    Severity
    N/A (UNKNOWN) - -
    Summary
    SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal
    Details
    Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000006.html",
      "dc:date": "2015-02-13T15:09+09:00",
      "dcterms:issued": "2015-01-19T13:54+09:00",
      "dcterms:modified": "2015-02-13T15:09+09:00",
      "description": "Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000006.html",
      "sec:cpe": {
        "#text": "cpe:/a:synck_graphica:download_log_cgi",
        "@product": "Download Log CGI",
        "@vendor": "SYNCK GRAPHICA",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000006",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN88559134/index.html",
          "@id": "JVN#88559134",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0867",
          "@id": "CVE-2015-0867",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0867",
          "@id": "CVE-2015-0867",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal"
    }

    CVE-2025-43881 (GCVE-0-2025-43881)

    Vulnerability from cvelistv5 – Published: 2025-07-23 04:38 – Updated: 2025-07-23 15:14
    Summary
    Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper validation of specified quantity in input
    Assigner
    Impacted products
    Vendor Product Version
    SYNCK GRAPHICA Real-time Bus Tracking System Affected: versions prior to 1.1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-23T14:22:03.531392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-23T15:14:12.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Real-time Bus Tracking System",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "Improper validation of specified quantity in input",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-23T04:38:35.253Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/downloads/cgi-perl/buslocationsystem/index.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN21177718/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-43881",
        "datePublished": "2025-07-23T04:38:35.253Z",
        "dateReserved": "2025-07-16T04:42:11.274Z",
        "dateUpdated": "2025-07-23T15:14:12.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41441 (GCVE-0-2025-41441)

    Vulnerability from cvelistv5 – Published: 2025-05-26 06:27 – Updated: 2025-05-27 13:38
    Summary
    Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of error message containing sensitive information
    Assigner
    Impacted products
    Vendor Product Version
    SYNCK GRAPHICA Mailform Pro CGI Affected: prior to 4.3.4

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41441",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T13:36:59.610956Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T13:38:28.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 4.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "Generation of error message containing sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-26T06:27:12.284Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1745302910.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN39546799/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-41441",
        "datePublished": "2025-05-26T06:27:12.284Z",
        "dateReserved": "2025-05-21T06:48:52.882Z",
        "dateUpdated": "2025-05-27T13:38:28.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40599 (GCVE-0-2023-40599)

    Vulnerability from cvelistv5 – Published: 2023-08-25 02:18 – Updated: 2024-10-02 17:42
    Summary
    Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Regular expression Denial-of-Service (ReDoS)
    Assigner
    Impacted products
    Vendor Product Version
    SYNCK GRAPHICA Mailform Pro CGI Affected: 4.3.1.3 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:50.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86484824/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:42:10.363109Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:42:18.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1.3 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regular expression Denial-of-Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T02:18:19.849Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN86484824/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-40599",
        "datePublished": "2023-08-25T02:18:19.849Z",
        "dateReserved": "2023-08-17T08:04:36.758Z",
        "dateUpdated": "2024-10-02T17:42:18.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32610 (GCVE-0-2023-32610)

    Vulnerability from cvelistv5 – Published: 2023-06-29 00:57 – Updated: 2024-11-26 20:21
    Summary
    Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial-of-service (DoS)
    Assigner
    Impacted products
    Vendor Product Version
    SYNCK GRAPHICA Mailform Pro CGI Affected: 4.3.1.2 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:35.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synck.com/blogs/news/newsroom/detail_1686638620.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN70502982/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T20:21:30.758630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T20:21:40.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial-of-service (DoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:57:08.509Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1686638620.html"
            },
            {
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1361268679.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN70502982/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32610",
        "datePublished": "2023-06-29T00:57:08.509Z",
        "dateReserved": "2023-05-11T04:09:38.946Z",
        "dateUpdated": "2024-11-26T20:21:40.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38400 (GCVE-0-2022-38400)

    Vulnerability from cvelistv5 – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:54
    Summary
    Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL.
    Severity
    No CVSS data available.
    CWE
    • Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    SYNCK GRAPHICA Mailform Pro CGI Affected: 4.3.1 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mailform Pro CGI",
              "vendor": "SYNCK GRAPHICA",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-08T07:10:47.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-38400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mailform Pro CGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SYNCK GRAPHICA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html",
                  "refsource": "MISC",
                  "url": "https://www.synck.com/blogs/news/newsroom/detail_1661907555.html"
                },
                {
                  "name": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html",
                  "refsource": "MISC",
                  "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/index.html"
                },
                {
                  "name": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html",
                  "refsource": "MISC",
                  "url": "https://www.synck.com/downloads/cgi-perl/mailformpro/feature_1381250709.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN34205166/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN34205166/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-38400",
        "datePublished": "2022-09-08T07:10:47.000Z",
        "dateReserved": "2022-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:54:03.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }