Vulnerabilities > Machform

DATE CVE VULNERABILITY TITLE RISK
2021-06-29 CVE-2021-20101 Injection vulnerability in Machform
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers.
network
low complexity
machform CWE-74
6.1
2021-06-29 CVE-2021-20102 Cross-Site Request Forgery (CSRF) vulnerability in Machform
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
network
low complexity
machform CWE-352
8.8
2021-06-29 CVE-2021-20103 Cross-site Scripting vulnerability in Machform
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.
network
low complexity
machform CWE-79
6.1
2021-06-29 CVE-2021-20104 Unrestricted Upload of File with Dangerous Type vulnerability in Machform
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
network
high complexity
machform CWE-434
8.1
2021-06-29 CVE-2021-20105 Open Redirect vulnerability in Machform
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
network
low complexity
machform CWE-601
6.1
2018-05-26 CVE-2018-6411 Unrestricted Upload of File with Dangerous Type vulnerability in Machform 4.2.3
An issue was discovered in Appnitro MachForm before 4.2.3.
network
low complexity
machform CWE-434
7.5
2018-05-26 CVE-2018-6410 SQL Injection vulnerability in Machform 4.2.3
An issue was discovered in Appnitro MachForm before 4.2.3.
network
low complexity
machform CWE-89
7.5
2018-05-26 CVE-2018-6409 Path Traversal vulnerability in Machform 4.2.3
An issue was discovered in Appnitro MachForm before 4.2.3.
network
low complexity
machform CWE-22
5.0
2013-07-29 CVE-2013-4950 Cross-Site Scripting vulnerability in Machform 2.0
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
network
machform CWE-79
4.3
2013-07-29 CVE-2013-4949 Unspecified vulnerability in Machform 2.0
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
network
machform
6.8