Home/Product/machform
Product

machform

15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-37765
<= 19
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page.
8.8HIGH
 CVE-2024-37764
<= 19
MachForm up to version 19 is affected by an authenticated stored cross-site scripting.
5.4MEDIUM
 CVE-2024-37763
<= 19
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions wh
5.4MEDIUM
 CVE-2024-37762
< 21
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.
9.9CRITICAL
 CVE-2021-20105
< 16
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.
6.1MEDIUM
 CVE-2021-20104
< 16
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attac
8.1HIGH
 CVE-2021-20103
< 16
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments upl
6.1MEDIUM
 CVE-2021-20102
< 16
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
8.8HIGH
 CVE-2021-20101
< 16
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could caus
6.1MEDIUM
 CVE-2018-6411
all versions
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dange
9.8CRITICAL
 CVE-2018-6410
all versions
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
9.8CRITICAL
 CVE-2018-6409
all versions
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the dat
5.3MEDIUM
 CVE-2013-4950
all versions
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML
 CVE-2013-4949
all versions
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploadin
 CVE-2013-4948
all versions
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh