2 matches found
CVE-2023-27507
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it...
CVE-2023-27507
CVE-2023-27507 affects MicroEngine Mailform, versions 1.1.0 through 1.1.8. The root cause is a path traversal vulnerability in the file upload/server save logic, allowing a remote attacker to save arbitrary files on the server and execute them when the affected functions are enabled. Impact inclu...