134 matches found
CVE-2021-20104
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...
CVE-2021-20103
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...
CVE-2021-20103
MachForm prior to version 16 is affected by a stored cross-site scripting vulnerability due to insufficient sanitization of file attachments uploaded with forms via upload.php. The root cause is inadequate validation/sanitization of attachments, allowing injected JavaScript to be stored and poten...
CVE-2021-20102
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...
CVE-2021-20102
MachForm prior to version 16 is vulnerable to CSRF due to missing CSRF tokens. Root cause: lack of CSRF protection in the request handling. Affected product: MachForm (prior to v16). Impact (per sources): high in confidentiality, integrity, and availability with network-exposed risk. Remediation:...
CVE-2021-20101
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...
CVE-2021-20101
CVE-2021-20101 affects MachForm prior to version 16, with an HTTP host header injection due to improper host header validation. This can cause a victim to receive malformed content. Multiple sources confirm the vulnerability in MachForm 15.x and earlier and identify version 16 as the fix. Impact ...
Machform 代码问题漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A remote code execution vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments uploaded wi...
Machform 注入漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...
Machform 输入验证错误漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An open redirect vulnerability exists in Safariinit.php in versions prior to Machform 16. The vulnerability stems from improper validation of the ref parameter. An...
Machform 跨站脚本漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...
Machform 跨站请求伪造漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A cross-site request forgery CSRF vulnerability exists in versions prior to Machform 16. The vulnerability stems from a missing CSRF token. An attacker can exploit...
Appnitro MachForm File Upload Vulnerability
Appnitro MachForm is a tool for creating responsive forms in web pages. A security vulnerability exists in Appnitro MachForm versions prior to 4.2.3. An attacker can exploit this vulnerability to bypass the file upload filter...
Appnitro MachForm Path Traversal Vulnerability
Appnitro MachForm is a tool for creating responsive forms in web pages from Appnitro Software Indonesia. A path traversal vulnerability exists in Appnitro MachForm versions prior to 4.2.3. The vulnerability can be exploited to access arbitrary files on the system by sending the 'q' parameter to t...
Appnitro MachForm Detection (HTTP)
HTTP based detection of Appnitro MachForm. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.141125...
Appnitro MachForm < 4.2.3 Multiple Vulnerabilities
Appnitro MachForm is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass
MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities
Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...
Appnitro MachForm SQL Injection / Traversal / File Upload
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa @metalamin Google dork examples: ---------------------- "machform" inurl:"view.php...