Medium severity5.3NVD Advisory· Published May 26, 2018· Updated Jun 17, 2026

CVE-2018-6409

Description

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Appnitro/MachFormllm-fuzzy
Range: <4.2.3

Patches

Vulnerability mechanics

References

metalamin.github.io/MachForm-not-0-day-EN/nvdExploitThird Party Advisory
www.exploit-db.com/exploits/44804/nvdExploitThird Party AdvisoryVDB Entry
www.machform.com/blog-machform-423-security-release/nvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000