24 matches found
CVE-2018-6409
Summary: CVE-2018-6409 affects Appnitro MachForm
CVE-2018-6409
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...
CVE-2018-6410
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...
CVE-2018-6410
Appnitro MachForm before 4.2.3 is affected by a download.php SQL injection via the q parameter. Public sources (NVD/NVD mirrors, Exploit-DB) describe exploitation and related path traversal/upload bypass via this vulnerability, with exploits available (e.g., Exploit-DB 44804). The issue is addres...