CVE-2018-6409 – MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
https://notcve.org/view.php?id=CVE-2018-6409
26 May 2018 — An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. • https://packetstorm.news/files/id/147948 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-6410 – MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
https://notcve.org/view.php?id=CVE-2018-6410
26 May 2018 — An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. Appnitro MachForm suffers from remote file upload, remote SQL injection, and path traversal vulnerabilities. • https://packetstorm.news/files/id/147948 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-4950 – Machform Form Maker 2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4950
29 Jul 2013 — Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter. • https://www.exploit-db.com/exploits/26553 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4948 – Machform Form Maker 2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4948
29 Jul 2013 — SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter. • https://www.exploit-db.com/exploits/26553 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-4949 – Machform Form Maker 2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4949
29 Jul 2013 — Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/. • https://www.exploit-db.com/exploits/26553