Machform Security Vulnerabilities
Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and earlier, which stems from an authenticated stored cross-site scripting vulnerability...
CVE-2024-37764
MachForm up to version 19 is affected by an authenticated stored cross-site scripting...
CVE-2024-37762
CVE-2024-37762 affects MachForm up to version 21, with an authenticated unrestricted file upload that leads to remote code execution. The vulnerability is confirmed across multiple sources (NVD/NVD-derived feeds and Red Hat/CNNVD/CVE records). Impact is described as remote code execution with hig...
CVE-2024-37764
CVE-2024-37764 affects MachForm up to version 19 with an authenticated stored cross-site scripting vulnerability. The issue is triggered by input that is stored and later rendered in web pages (no exploitation details provided in the documents). Remediation: upgrade MachForm to version 20 or late...
CVE-2024-37762
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution...
CVE-2024-37763
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability which affects users with valid sessions who can view compiled forms results...
CVE-2024-37763
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability that can impact users with valid sessions who view compiled forms results. The issue is documented across multiple sources (NVD/Red Hat/CVE listings and third-party advisories) with no public exp...
CVE-2024-37765
Summary: CVE-2024-37765 affects Machform up to version 19 and is rooted in an authenticated blind SQL injection in the user account settings page (my_account.php), enabling time-based exfiltration via crafted requests. Exploitation details in the connected reports show the vulnerability occurs in...
PT-2024-27737 · Machform · Machform
Name of the Vulnerable Software and Affected Versions: Machform versions prior to 20 Description: The issue is related to an authenticated Blind SQL injection in the user account settings page. Recommendations: For versions prior to 20, update to version 20 or later to resolve the issue...
PT-2024-27735 · Machform · Machform
Name of the Vulnerable Software and Affected Versions: MachForm versions up to 19 Description: The issue is an unauthenticated stored cross-site scripting that affects users with valid sessions who can view compiled forms results. Recommendations: For versions up to 19, update to a version that...
Machform Security Vulnerabilities
Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and prior versions that stems from the presence of an unauthenticated stored cross-site scripting vulnerability...
Machform Security Vulnerabilities
Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and prior versions that originates from an authenticated blind SQL injection in the user account settings page...
Machform Security Vulnerabilities
Machform is an online questionnaire program. A security vulnerability exists in Machform version 21 and prior versions, which stems from an authenticated unrestricted file upload and can lead to remote code execution...
Machform Cross-Site Request Forgery Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A cross-site request forgery (CSRF) vulnerability exists in versions prior to Machform 16. The vulnerability stems from a missing CSRF token. An attacker can exploit...
Machform HTTP Host Header Injection Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...
Machform Open Redirect Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An open redirect vulnerability exists in Safariinit.php in versions prior to Machform 16. The vulnerability stems from improper validation of the ref parameter. An...
Machform Cross-Site Scripting Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...
Machform Remote Code Execution Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A remote code execution vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments uploaded wi...
CVE-2021-20104
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...