RSS   Podatności dla 'Machform'   RSS

2021-06-29
 
CVE-2021-20101

CWE-74
 

 
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.

 
 
CVE-2021-20102

CWE-352
 

 
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.

 
 
CVE-2021-20103

CWE-79
 

 
Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.

 
 
CVE-2021-20104

CWE-434
 

 
Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

 
 
CVE-2021-20105

CWE-601
 

 
Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top