Vulnerabilities related to machform - machform
Vulnerability from fkie_nvd
Published
2013-07-29 23:27
Modified
2025-04-11 00:51
Summary
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | http://osvdb.org/94802 | |
cve@mitre.org | http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | |
cve@mitre.org | http://www.exploit-db.com/exploits/26553 | Exploit |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/85386 | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/94802 | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/26553 | Exploit |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/85386 | |
CVE ID
CVE-2013-4949
Affected configuration
cpe:2.3:a:machform:machform:2.0:*:*:*:*:*:*:*
CVSS v2 (nvd@nist.gov, Primary)
6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
Weakness (nvd@nist.gov, Primary)
NVD-CWE-Other
Evaluator comment
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Status
Deferred
Vulnerability from fkie_nvd
Published
2018-05-26 22:29
Modified
2024-11-21 04:10
Summary
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://metalamin.github.io/MachForm-not-0-day-EN/ | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44804/ | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.machform.com/blog-machform-423-security-release/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://metalamin.github.io/MachForm-not-0-day-EN/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44804/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.machform.com/blog-machform-423-security-release/ | Release Notes, Vendor Advisory |
CVE ID
CVE-2018-6411
Affected configuration
cpe:2.3:a:machform:machform:4.2.3:*:*:*:*:*:*:*
CVSS v2 (nvd@nist.gov, Primary)
7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3.0 (nvd@nist.gov, Primary)
9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness (nvd@nist.gov, Primary)
CWE-434
Status
Modified
Vulnerability from fkie_nvd
Published
2018-05-26 22:29
Modified
2024-11-21 04:10
Summary
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://metalamin.github.io/MachForm-not-0-day-EN/ | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44804/ | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.machform.com/blog-machform-423-security-release/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://metalamin.github.io/MachForm-not-0-day-EN/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44804/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.machform.com/blog-machform-423-security-release/ | Release Notes, Vendor Advisory |
CVE ID
CVE-2018-6409
Affected configuration
cpe:2.3:a:machform:machform:4.2.3:*:*:*:*:*:*:*
CVSS v2 (nvd@nist.gov, Primary)
5 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3.0 (nvd@nist.gov, Primary)
5.3 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness (nvd@nist.gov, Primary)
CWE-22
Status
Modified
Vulnerability from fkie_nvd
Published
2021-06-29 16:15
Modified
2024-11-21 05:45
Summary
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.
References
Source | URL | Tags |
---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
CVE ID
CVE-2021-20101
Affected configuration
cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:* (versionEndExcluding: 16)
CVSS v2 (nvd@nist.gov, Primary)
5.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS v3.1 (nvd@nist.gov, Primary)
6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness (nvd@nist.gov, Primary)
CWE-74
Status
Modified
Vulnerability from fkie_nvd
Published
2021-06-29 16:15
Modified
2024-11-21 05:45
Summary
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
References
Source | URL | Tags |
---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
CVE ID
CVE-2021-20105
Affected configuration
cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:* (versionEndExcluding: 16)
CVSS v2 (nvd@nist.gov, Primary)
5.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS v3.1 (nvd@nist.gov, Primary)
6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness (nvd@nist.gov, Primary)
CWE-601
Status
Modified
Vulnerability from fkie_nvd
Published
2013-07-29 23:27
Modified
2025-04-11 00:51
Summary
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | http://osvdb.org/94803 | |
cve@mitre.org | http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | Exploit |
cve@mitre.org | http://www.exploit-db.com/exploits/26553 | Exploit |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/85389 | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/94803 | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | Exploit |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/26553 | Exploit |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/85389 | |
CVE ID
CVE-2013-4950
Affected configuration
cpe:2.3:a:machform:machform:2.0:*:*:*:*:*:*:*
CVSS v2 (nvd@nist.gov, Primary)
4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
Weakness (nvd@nist.gov, Primary)
CWE-79
Status
Deferred
Vulnerability from fkie_nvd
Published
2021-06-29 16:15
Modified
2024-11-21 05:45
Summary
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
References
Source | URL | Tags |
---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
CVE ID
CVE-2021-20102
Affected configuration
cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:* (versionEndExcluding: 16)
CVSS v2 (nvd@nist.gov, Primary)
6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3.1 (nvd@nist.gov, Primary)
8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness (nvd@nist.gov, Primary)
CWE-352
Status
Modified
Vulnerability from fkie_nvd
Published
2021-06-29 16:15
Modified
2024-11-21 05:45
Summary
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
References
Source | URL | Tags |
---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
CVE ID
CVE-2021-20104
Affected configuration
cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:* (versionEndExcluding: 16)
CVSS v2 (nvd@nist.gov, Primary)
6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3.1 (nvd@nist.gov, Primary)
8.1 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness (nvd@nist.gov, Primary)
CWE-434
Status
Modified
Vulnerability from fkie_nvd
Published
2013-07-29 23:27
Modified
2025-04-11 00:51
Summary
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | http://osvdb.org/94801 | |
cve@mitre.org | http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | Exploit |
cve@mitre.org | http://www.exploit-db.com/exploits/26553 | Exploit |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/85388 | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/94801 | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | Exploit |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/26553 | Exploit |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/85388 | |
CVE ID
CVE-2013-4948
Affected configuration
cpe:2.3:a:machform:machform:2.0:*:*:*:*:*:*:*
CVSS v2 (nvd@nist.gov, Primary)
7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
Weakness (nvd@nist.gov, Primary)
CWE-89
Status
Deferred
Vulnerability from fkie_nvd
Published
2018-05-26 22:29
Modified
2024-11-21 04:10
Summary
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://metalamin.github.io/MachForm-not-0-day-EN/ | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44804/ | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.machform.com/blog-machform-423-security-release/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://metalamin.github.io/MachForm-not-0-day-EN/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44804/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.machform.com/blog-machform-423-security-release/ | Release Notes, Vendor Advisory |
CVE ID
CVE-2018-6410
Affected configuration
cpe:2.3:a:machform:machform:4.2.3:*:*:*:*:*:*:*
CVSS v2 (nvd@nist.gov, Primary)
7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3.0 (nvd@nist.gov, Primary)
9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness (nvd@nist.gov, Primary)
CWE-89
Status
Modified
Vulnerability from fkie_nvd
Published
2021-06-29 16:15
Modified
2024-11-21 05:45
Summary
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.
References
Source | URL | Tags |
---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/ | |
CVE ID
CVE-2021-20103
Affected configuration
cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:* (versionEndExcluding: 16)
CVSS v2 (nvd@nist.gov, Primary)
4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3.1 (nvd@nist.gov, Primary)
6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness (nvd@nist.gov, Primary)
CWE-79
Status
Modified
cve-2018-6409
Vulnerability from cvelistv5
Published
2018-05-26 22:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
References
URL | Tags
---|---
https://metalamin.github.io/MachForm-not-0-day-EN/ | x_refsource_MISC
https://www.exploit-db.com/exploits/44804/ | exploit, x_refsource_EXPLOIT-DB
https://www.machform.com/blog-machform-423-security-release/ | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:49.253Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44804/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.machform.com/blog-machform-423-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-26T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-01T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/44804/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.machform.com/blog-machform-423-security-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6409", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://metalamin.github.io/MachForm-not-0-day-EN/", refsource: "MISC", url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/44804/", }, { name: "https://www.machform.com/blog-machform-423-security-release/", refsource: "MISC", url: "https://www.machform.com/blog-machform-423-security-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6409", datePublished: "2018-05-26T22:00:00", dateReserved: "2018-01-30T00:00:00", dateUpdated: "2024-08-05T06:01:49.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4950
Vulnerability from cvelistv5
Published
2013-07-29 23:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
References
URL | Tags
---|---
http://www.exploit-db.com/exploits/26553 | exploit, x_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/85389 | vdb-entry, x_refsource_XF
http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | x_refsource_MISC
http://osvdb.org/94803 | vdb-entry, x_refsource_OSVDB
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:41.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "26553", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/26553", }, { name: "machform-formmaker-view-xss(85389)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85389", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, { name: "94803", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/94803", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-02T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "26553", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/26553", }, { name: "machform-formmaker-view-xss(85389)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85389", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, { name: "94803", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/94803", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4950", STATE: 
"PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "26553", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/26553", }, { name: "machform-formmaker-view-xss(85389)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85389", }, { name: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, { name: "94803", refsource: "OSVDB", url: "http://osvdb.org/94803", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4950", datePublished: "2013-07-29T23:00:00", dateReserved: "2013-07-29T00:00:00", dateUpdated: "2024-08-06T16:59:41.038Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6410
Vulnerability from cvelistv5
Published
2018-05-26 22:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
References
URL | Tags
---|---
https://metalamin.github.io/MachForm-not-0-day-EN/ | x_refsource_MISC
https://www.exploit-db.com/exploits/44804/ | exploit, x_refsource_EXPLOIT-DB
https://www.machform.com/blog-machform-423-security-release/ | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:49.241Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44804/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.machform.com/blog-machform-423-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-26T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-01T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/44804/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.machform.com/blog-machform-423-security-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6410", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Appnitro MachForm before 4.2.3. 
There is a download.php SQL injection via the q parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://metalamin.github.io/MachForm-not-0-day-EN/", refsource: "MISC", url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/44804/", }, { name: "https://www.machform.com/blog-machform-423-security-release/", refsource: "MISC", url: "https://www.machform.com/blog-machform-423-security-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6410", datePublished: "2018-05-26T22:00:00", dateReserved: "2018-01-30T00:00:00", dateUpdated: "2024-08-05T06:01:49.241Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20104
Vulnerability from cvelistv5
Published
2021-06-29 15:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | AppNitro Machform | All versions prior to version 16
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AppNitro Machform", vendor: "n/a", versions: [ { status: "affected", version: "All versions prior to version 16", }, ], }, ], descriptions: [ { lang: "en", value: "Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T15:31:01", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20104", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AppNitro Machform", version: { version_data: [ { version_value: "All versions prior to version 16", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: 
"https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20104", datePublished: "2021-06-29T15:31:01", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20102
Vulnerability from cvelistv5
Published
2021-06-29 15:30
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | AppNitro Machform | All versions prior to version 16
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AppNitro Machform", vendor: "n/a", versions: [ { status: "affected", version: "All versions prior to version 16", }, ], }, ], descriptions: [ { lang: "en", value: "Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Request Forgery", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T15:30:45", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20102", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AppNitro Machform", version: { version_data: [ { version_value: "All versions prior to version 16", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Request Forgery", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", refsource: "MISC", url: 
"https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20102", datePublished: "2021-06-29T15:30:45", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6411
Vulnerability from cvelistv5
Published
2018-05-26 22:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
References
URL | Tags
---|---
https://metalamin.github.io/MachForm-not-0-day-EN/ | x_refsource_MISC
https://www.exploit-db.com/exploits/44804/ | exploit, x_refsource_EXPLOIT-DB
https://www.machform.com/blog-machform-423-security-release/ | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:01:49.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44804/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.machform.com/blog-machform-423-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-26T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-01T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/44804/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.machform.com/blog-machform-423-security-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ 
{ lang: "eng", value: "An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://metalamin.github.io/MachForm-not-0-day-EN/", refsource: "MISC", url: "https://metalamin.github.io/MachForm-not-0-day-EN/", }, { name: "44804", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/44804/", }, { name: "https://www.machform.com/blog-machform-423-security-release/", refsource: "MISC", url: "https://www.machform.com/blog-machform-423-security-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6411", datePublished: "2018-05-26T22:00:00", dateReserved: "2018-01-30T00:00:00", dateUpdated: "2024-08-05T06:01:49.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4948
Vulnerability from cvelistv5
Published
2013-07-29 23:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
References
URL | Tags
---|---
http://www.exploit-db.com/exploits/26553 | exploit, x_refsource_EXPLOIT-DB
http://osvdb.org/94801 | vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/85388 | vdb-entry, x_refsource_XF
http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:41.068Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "26553", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/26553", }, { name: "94801", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/94801", }, { name: "machform-formmaker2-view-sql-injection(85388)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85388", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-02T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "26553", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/26553", }, { name: "94801", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/94801", }, { name: "machform-formmaker2-view-sql-injection(85388)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85388", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4948", STATE: 
"PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "26553", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/26553", }, { name: "94801", refsource: "OSVDB", url: "http://osvdb.org/94801", }, { name: "machform-formmaker2-view-sql-injection(85388)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85388", }, { name: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4948", datePublished: "2013-07-29T23:00:00", dateReserved: "2013-07-29T00:00:00", dateUpdated: "2024-08-06T16:59:41.068Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20105
Vulnerability from cvelistv5
Published
2021-06-29 15:37
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | AppNitro Machform | All versions prior to version 16
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AppNitro Machform", vendor: "n/a", versions: [ { status: "affected", version: "All versions prior to version 16", }, ], }, ], descriptions: [ { lang: "en", value: "Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.", }, ], problemTypes: [ { descriptions: [ { description: "Open Redirect", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T15:37:41", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20105", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AppNitro Machform", version: { version_data: [ { version_value: "All versions prior to version 16", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Open Redirect", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", refsource: "MISC", url: 
"https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20105", datePublished: "2021-06-29T15:37:41", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20101
Vulnerability from cvelistv5
Published
2021-06-29 15:30
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | AppNitro Machform | All versions prior to version 16
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.625Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AppNitro Machform", vendor: "n/a", versions: [ { status: "affected", version: "All versions prior to version 16", }, ], }, ], descriptions: [ { lang: "en", value: "Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.", }, ], problemTypes: [ { descriptions: [ { description: "Host Header Injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T15:30:39", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20101", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AppNitro Machform", version: { version_data: [ { version_value: "All versions prior to version 16", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. 
This could cause a victim to receive malformed content.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Host Header Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20101", datePublished: "2021-06-29T15:30:39", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4949
Vulnerability from cvelistv5
Published
2013-07-29 23:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/85386 | vdb-entry, x_refsource_XF
http://www.exploit-db.com/exploits/26553 | exploit, x_refsource_EXPLOIT-DB
http://osvdb.org/94802 | vdb-entry, x_refsource_OSVDB
http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:41.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "machform-formmaker-view-file-upload(85386)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85386", }, { name: "26553", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/26553", }, { name: "94802", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/94802", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-02T00:00:00", descriptions: [ { lang: "en", value: "Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "machform-formmaker-view-file-upload(85386)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85386", }, { name: "26553", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/26553", }, { name: "94802", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/94802", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, ], 
x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "machform-formmaker-view-file-upload(85386)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85386", }, { name: "26553", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/26553", }, { name: "94802", refsource: "OSVDB", url: "http://osvdb.org/94802", }, { name: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4949", datePublished: "2013-07-29T23:00:00", dateReserved: "2013-07-29T00:00:00", dateUpdated: "2024-08-06T16:59:41.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20103
Vulnerability from cvelistv5
Published
2021-06-29 15:30
Modified
2024-08-03 17:30
Summary
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | AppNitro Machform | All versions prior to version 16
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.450Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AppNitro Machform", vendor: "n/a", versions: [ { status: "affected", version: "All versions prior to version 16", }, ], }, ], descriptions: [ { lang: "en", value: "Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.", }, ], problemTypes: [ { descriptions: [ { description: "Unauthenticated File Upload", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T15:30:51", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-25%2Chttps://www.machform.com/blog-machform-16-released/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20103", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AppNitro Machform", version: { version_data: [ { version_value: "All versions prior to version 16", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Unauthenticated File Upload", }, ], }, ], }, references: { reference_data: [ { name: 
"https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-25,https://www.machform.com/blog-machform-16-released/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20103", datePublished: "2021-06-29T15:30:51", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.450Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }