Vulnerabilities > Machform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-20101 | Injection vulnerability in Machform Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. | 6.1 |
| 2021-06-29 | CVE-2021-20102 | Cross-Site Request Forgery (CSRF) vulnerability in Machform Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. | 8.8 |
| 2021-06-29 | CVE-2021-20103 | Cross-site Scripting vulnerability in Machform Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. | 6.1 |
| 2021-06-29 | CVE-2021-20104 | Unrestricted Upload of File with Dangerous Type vulnerability in Machform Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. | 8.1 |
| 2021-06-29 | CVE-2021-20105 | Open Redirect vulnerability in Machform Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter. | 6.1 |
| 2018-05-26 | CVE-2018-6411 | Unrestricted Upload of File with Dangerous Type vulnerability in Machform 4.2.3 An issue was discovered in Appnitro MachForm before 4.2.3. | 9.8 |
| 2018-05-26 | CVE-2018-6410 | SQL Injection vulnerability in Machform 4.2.3 An issue was discovered in Appnitro MachForm before 4.2.3. | 9.8 |
| 2018-05-26 | CVE-2018-6409 | Path Traversal vulnerability in Machform 4.2.3 An issue was discovered in Appnitro MachForm before 4.2.3. | 5.3 |