CVE-2023-27397

Vulnerability summary (CVE-2023-27397) : MicroEngine Mailform (versions 1.1.0–1.1.8) suffers an unrestricted upload of a dangerous file type when the product’s file upload and server save options are enabled. This allows a remote attacker to save an arbitrary file on the server and execute it, le...

CVE-2023-27507

CVE-2023-27507 affects MicroEngine Mailform, versions 1.1.0 through 1.1.8. The root cause is a path traversal vulnerability in the file upload/server save logic, allowing a remote attacker to save arbitrary files on the server and execute them when the affected functions are enabled. Impact inclu...