22 matches found
CVE-2024-22722
Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...
CVE-2024-22721
Cross Site Request Forgery CSRF vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...
CVE-2024-6936
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code...
CVE-2024-6937 formtools.org Form Tools Import Option List edit.php curl_exec file inclusion
A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curlexec of the file /admin/forms/optionlists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to...
CVE-2024-6935 formtools.org Form Tools User Settings Page cross site scripting
A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...
CVE-2024-6935
Form Tools 3.1.1 is affected by a cross-site scripting vulnerability in the User Settings Page, specifically the /admin/clients/ file. The issue is triggered remotely and has publicly disclosed exploit details. Affected component/URL: /admin/clients/ within Form Tools 3.1.1. Root cause and exact ...
CVE-2024-6934
CVE-2024-6934 affects Form Tools 3.1.1 (Form Tools) with a cross-site scripting flaw in /admin/forms/add/step2.php?submission_type=direct caused by manipulation of the Form URL. Exploitation is possible remotely; multiple sources and PT Security confirm the vulnerability and note no known fix for...
CVE-2024-22722
Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...
CVE-2024-22719
SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...
CVE-2024-22718
Cross Site Scripting XSS vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the clientid parameter in the application URL...
CVE-2024-22722
Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...
CVE-2024-22718
CVE-2024-22718 is an XSS in Form Tools 3.1.1 via the client_id parameter in the application URL. Multiple sources (NVD/Red Hat/CNNVD/CVELIST) confirm a high-severity vulnerability with CVSS v3.1: base score 9.6 (CRITICAL, AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The Red Hat entry and other issuances...
CVE-2024-22721
Form Tools 3.1.1 suffers a Cross Site Request Forgery (CSRF) vulnerability that lets an attacker manipulate sensitive user data through a crafted link. Root cause: CSRF flaw in the application’s handling of requests. Impact: unauthorized modification of user data. Exploitation details are not ful...
CVE-2024-22721
Cross Site Request Forgery CSRF vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...
CVE-2024-22722
Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...
CVE-2024-22717
CVE-2024-22717 concerns a Cross Site Scripting (XSS) vulnerability in Form Tools version 3.1.1, enabling attackers to run arbitrary code via the First Name field in the application. The Red Hat, NVD, CVE lists consistently describe a client-side script execution risk stemming from this input fiel...
CVE-2024-22717
Cross Site Scripting XSS vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application...
CVE-2024-22722
CVE-2024-22722 is a Server-Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1. Affected component is the form-creation workflow, specifically the Group Name field under Add Forms, where SSTI can lead to arbitrary command execution. Publicly available exploit(s) exist: a GitHub proje...
CVE-2024-22719
SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...
CVE-2024-22719
CVE-2024-22719 describes an SQL injection in Form Tools 3.1.1 triggered by the keyword parameter during client search, enabling arbitrary SQL execution. Affected: Form Tools 3.1.1; root cause: unsanitized input in search; impact: high confidentiality/ integrity, CVSS v3.1 base = 8.1. Remediation:...