Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-6410

Published: 26/05/2018 Updated: 01/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Machform

Vulnerability Summary

An issue exists in Appnitro MachForm prior to 4.2.3. There is a download.php SQL injection via the q parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

machform machform 4.2.3

Exploits

Exploit DB: MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Vendor: Appnitro Product webpage: wwwmachformcom/ Full-Disclose: metalamingithubio/MachForm-not-0-day-EN/ Fix: wwwmachformcom/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform" inurl:"viewphp" "machform" inurl:"embedphp" Summary: - ...
Exploit DB: Appnitro MachForm SQL Injection / Traversal / File Upload
Appnitro MachForm suffers from remote file upload, remote SQL injection, and path traversal vulnerabilities ...

References

CWE-89https://www.machform.com/blog-machform-423-security-release/https://metalamin.github.io/MachForm-not-0-day-EN/https://www.exploit-db.com/exploits/44804/https://nvd.nist.govhttps://www.exploit-db.com/exploits/44804/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook