Appnitro MachForm SQL Injection Vulnerability

Appnitro MachForm is a tool for creating responsive forms in web pages from Appnitro Software Indonesia. A SQL injection vulnerability exists in the download.php file in Appnitro MachForm versions prior to 4.2.3. The vulnerability can be exploited by a remote attacker to browse, add, change, or...

Sql injection

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

Sql injection

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

CVE-2018-6409

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

Path traversal

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

CVE-2018-6409

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

CVE-2018-6409

Summary: CVE-2018-6409 affects Appnitro MachForm

CVE-2018-6411

CVE-2018-6411 affects Appnitro MachForm before 4.2.3. The vulnerability arises when a form filters: a blacklist may automatically include dangerous extensions, while a whitelist can be bypassed via an ap_form_elements SQL Injection. This implies risk of SQL Injection and filter bypass (impacting ...

CVE-2018-6409

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6410

Appnitro MachForm before 4.2.3 is affected by a download.php SQL injection via the q parameter. Public sources (NVD/NVD mirrors, Exploit-DB) describe exploitation and related path traversal/upload bypass via this vulnerability, with exploits available (e.g., Exploit-DB 44804). The issue is addres...

Machform Form Maker 2 - Multiple Vulnerabilities

No description provided by source...

CVE-2013-4950

Cross-site scripting XSS vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element2 parameter...

CVE-2013-4948

SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element2 parameter...

CVE-2013-4949

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/...