Machform
by Machform
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37762 | Cri | 0.64 | 9.9 | 0.01 | Jul 1, 2024 | MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. | ||
| CVE-2024-37765 | Hig | 0.57 | 8.8 | 0.01 | Jul 1, 2024 | Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page. | ||
| CVE-2021-20102 | Hig | 0.57 | 8.8 | 0.01 | Jun 29, 2021 | Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. | ||
| CVE-2021-20104 | Hig | 0.53 | 8.1 | 0.02 | Jun 29, 2021 | Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. | ||
| CVE-2021-20105 | Med | 0.40 | 6.1 | 0.01 | Jun 29, 2021 | Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter. | ||
| CVE-2021-20103 | Med | 0.40 | 6.1 | 0.01 | Jun 29, 2021 | Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. | ||
| CVE-2021-20101 | Med | 0.40 | 6.1 | 0.01 | Jun 29, 2021 | Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content. | ||
| CVE-2024-37764 | Med | 0.35 | 5.4 | 0.01 | Jul 1, 2024 | MachForm up to version 19 is affected by an authenticated stored cross-site scripting. | ||
| CVE-2024-37763 | Med | 0.35 | 5.4 | 0.01 | Jul 1, 2024 | MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results. | ||
| CVE-2013-4950 | 0.03 | — | 0.04 | Jul 29, 2013 | Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter. | |||
| CVE-2013-4949 | 0.03 | — | 0.05 | Jul 29, 2013 | Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/. | |||
| CVE-2013-4948 | 0.03 | — | 0.04 | Jul 29, 2013 | SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter. |
- risk 0.64cvss 9.9epss 0.01
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.
- risk 0.57cvss 8.8epss 0.01
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page.
- risk 0.57cvss 8.8epss 0.01
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
- risk 0.53cvss 8.1epss 0.02
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.
- risk 0.40cvss 6.1epss 0.01
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
- risk 0.40cvss 6.1epss 0.01
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.
- risk 0.40cvss 6.1epss 0.01
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.
- risk 0.35cvss 5.4epss 0.01
MachForm up to version 19 is affected by an authenticated stored cross-site scripting.
- risk 0.35cvss 5.4epss 0.01
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results.
- CVE-2013-4950Jul 29, 2013risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
- CVE-2013-4949Jul 29, 2013risk 0.03cvss —epss 0.05
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
- CVE-2013-4948Jul 29, 2013risk 0.03cvss —epss 0.04
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.