Vulnerabilities > CVE-2013-4949 - Unspecified vulnerability in Machform 2.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
machform
exploit available
NVD
Published: 2013-07-29
Updated: 2017-08-29

Summary

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.

Vulnerable Configurations

Part Description Count
Application
Machform
1

Exploit-Db

descriptionMachform Form Maker 2 - Multiple Vulnerabilities. CVE-2013-4948,CVE-2013-4949,CVE-2013-4950. Webapps exploit for php platform
fileexploits/php/webapps/26553.txt
idEDB-ID:26553
last seen2016-02-03
modified2013-07-02
platformphp
port
published2013-07-02
reporterYashar shahinzadeh
sourcehttps://www.exploit-db.com/download/26553/
titleMachform Form Maker 2 - Multiple Vulnerabilities
typewebapps

References