Machform: Security Vulnerabilities
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVSS Score
9.8
EPSS Score
0.072
Published
2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVSS Score
9.8
EPSS Score
0.104
Published
2018-05-26
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2013-07-29
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
CVSS Score
6.8
EPSS Score
0.089
Published
2013-07-29
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
CVSS Score
4.3
EPSS Score
0.037
Published
2013-07-29
Page 2