Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6411 | 1 Appnitro | 1 Machform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection. | |||||
| CVE-2018-6410 | 1 Appnitro | 1 Machform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. | |||||
| CVE-2013-4950 | 1 Appnitro | 1 Machform | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter. | |||||
| CVE-2013-4949 | 1 Appnitro | 1 Machform | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/. | |||||