4 results (0.005 seconds)

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE2-3.md https://vuldb.com/?ctiid.271992 https://vuldb.com/?id.271992 https://vuldb.com/?submit.372602 • CWE-73: External Control of File Name or Path •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code injection. The attack may be initiated remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE2-2.md https://vuldb.com/?ctiid.271991 https://vuldb.com/?id.271991 https://vuldb.com/?submit.372318 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE2-1.md https://vuldb.com/?ctiid.271990 https://vuldb.com/?id.271990 https://vuldb.com/?submit.372317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE-2.md https://vuldb.com/?ctiid.271989 https://vuldb.com/?id.271989 https://vuldb.com/?submit.372309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •