CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

CVE-2021-20102

MachForm prior to version 16 is vulnerable to CSRF due to missing CSRF tokens. Root cause: lack of CSRF protection in the request handling. Affected product: MachForm (prior to v16). Impact (per sources): high in confidentiality, integrity, and availability with network-exposed risk. Remediation:...

CVE-2021-20101

CVE-2021-20101 affects MachForm prior to version 16, with an HTTP host header injection due to improper host header validation. This can cause a victim to receive malformed content. Multiple sources confirm the vulnerability in MachForm 15.x and earlier and identify version 16 as the fix. Impact ...

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

Machform 代码问题漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A remote code execution vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments uploaded wi...

Machform 注入漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...

Machform 跨站脚本漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...

Machform 输入验证错误漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An open redirect vulnerability exists in Safariinit.php in versions prior to Machform 16. The vulnerability stems from improper validation of the ref parameter. An...

Machform 跨站请求伪造漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A cross-site request forgery CSRF vulnerability exists in versions prior to Machform 16. The vulnerability stems from a missing CSRF token. An attacker can exploit...

Appnitro MachForm File Upload Vulnerability

Appnitro MachForm is a tool for creating responsive forms in web pages. A security vulnerability exists in Appnitro MachForm versions prior to 4.2.3. An attacker can exploit this vulnerability to bypass the file upload filter...

Appnitro MachForm Path Traversal Vulnerability

Appnitro MachForm is a tool for creating responsive forms in web pages from Appnitro Software Indonesia. A path traversal vulnerability exists in Appnitro MachForm versions prior to 4.2.3. The vulnerability can be exploited to access arbitrary files on the system by sending the 'q' parameter to t...

Appnitro MachForm Detection (HTTP)

HTTP based detection of Appnitro MachForm. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.141125...

Appnitro MachForm < 4.2.3 Multiple Vulnerabilities

Appnitro MachForm is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

MachForm &lt; 4.2.3 - SQL Injection / Path Traversal / Upload Bypass

Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...

MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities

Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...

MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass

MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin...

Appnitro MachForm SQL Injection / Traversal / File Upload

Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa @metalamin Google dork examples: ---------------------- "machform" inurl:"view.php...

Appnitro MachForm SQL Injection Vulnerability

Appnitro MachForm is a tool for creating responsive forms in web pages from Appnitro Software Indonesia. A SQL injection vulnerability exists in the download.php file in Appnitro MachForm versions prior to 4.2.3. The vulnerability can be exploited by a remote attacker to browse, add, change, or...

Sql injection

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...