A Capture Contact Form (and tab) - Insecure deserialization
Detected by

Fluid Attacks SAST Scanner
Disclosed by Andres Roldan
Summary
Full name
A Capture Contact Form (and tab) by AWebVoice.com trun - Insecure deserialization
Code name
State
Private
Release date
Mar 14, 2025
Affected product
A Capture Contact Form (and tab) by AWebVoice.com
Affected version(s)
Version trun
Vulnerability name
Insecure deserialization
Vulnerability type
Remotely exploitable
No
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U
CVSS v4.0 base score
1.7
Exploit available
No
CVE ID(s)
Description
A Capture Contact Form (and tab) by AWebVoice.com trun was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/awebvoicebuttonform.php.
Vulnerability
Skims by Fluid Attacks discovered a Insecure deserialization in A Capture Contact Form (and tab) by AWebVoice.com trun. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-31287 to refer to this issue from now on. Disclosure policy
System Information
Product: A Capture Contact Form (and tab) by AWebVoice.com
Version: trun
Mitigation
There is currently no patch available for this vulnerability.
Timeline
Mar 14, 2025
Vulnerability discovered
Mar 14, 2025
Vendor contacted
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.