10 matches found
CVE-2024-22722
CVE-2024-22722 is a Server-Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1. The affected component is the form-creation workflow, specifically the Group Name field under Add Forms, where SSTI can lead to arbitrary command execution. Publicly available exploit(s) exist: a GitHub proje...
CVE-2024-22718
CVE-2024-22718 is an XSS in Form Tools 3.1.1 via the client_id parameter in the application URL. Multiple sources (NVD/Red Hat/CNNVD/CVELIST) confirm a high-severity vulnerability with CVSS v3.1: base score 9.6 (CRITICAL, AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The Red Hat entry and other issuances...
CVE-2024-6936
Form Tools 3.1.1 has a vulnerability in the Setting Handler (file /admin/settings/index.php?page=accounts) where manipulating the Page Theme parameter leads to code injection. The issue can be exploited remotely, and public exploit information exists. Documents do not provide an official patched ...
CVE-2024-22719
CVE-2024-22719 describes an SQL injection in Form Tools 3.1.1 triggered by the keyword parameter during client search, enabling arbitrary SQL execution. Affected: Form Tools 3.1.1; root cause: unsanitized input in search; impact: high confidentiality/integrity, CVSS v3.1 base = 8.1. Remediation:...
CVE-2024-6935
Form Tools 3.1.1 is affected by a cross-site scripting vulnerability in the User Settings Page, specifically the /admin/clients/ file. The issue is triggered remotely and has publicly disclosed exploit details. Affected component/URL: /admin/clients/ within Form Tools 3.1.1. Root cause and exact ...
CVE-2024-22721
Form Tools 3.1.1 suffers a Cross Site Request Forgery (CSRF) vulnerability that lets an attacker manipulate sensitive user data through a crafted link. Root cause: CSRF flaw in the application’s handling of requests. Impact: unauthorized modification of user data. Exploitation details are not ful...
CVE-2024-6934
CVE-2024-6934 affects Form Tools 3.1.1 with a cross-site scripting flaw in /admin/forms/add/step2.php?submission_type=direct caused by manipulation of the Form URL. Exploitation is possible remotely; multiple sources and PT Security confirm the vulnerability and note no known fix for...
CVE-2024-22637
CVE-2024-22637 refers to a reflected cross-site scripting (XSS) vulnerability in Form Tools v3.1.1, exploitable via the endpoint /form_builder/preview.php?form_id=2. Root cause: insufficient validation/sanitization in the preview component that processes the form_id parameter, enabling injection ...
CVE-2024-22717
CVE-2024-22717 concerns a Cross Site Scripting (XSS) vulnerability in Form Tools version 3.1.1, enabling attackers to run arbitrary code via the First Name field in the application. The Red Hat, NVD, and CVE lists consistently describe a client-side script execution risk stemming from this input fiel...
CVE-2024-6937
Form Tools 3.1.1 is affected in the Import Option List component, specifically the curl_exec function in /admin/forms/option_lists/edit.php. The vulnerability arises from manipulation of the url argument, causing file inclusion and enabling a remote attack. Public disclosure is noted. Remediation...