Microengine: >> Mailform >> 1.1.5 Security Vulnerabilities
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-05-23
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-05-23