Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-2gq4-6723-j8cq

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

Ссылки

EPSS

Процентиль: 79%
0.01291
Низкий

CVE ID

CVE-2021-20104

Дефекты

CWE-434

Связанные уязвимости

nvd логотип

CVE-2021-20104

CVSS3: 8.1
nvd
больше 4 лет назад

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

fstec логотип

BDU:2021-03519

CVSS3: 8.1
fstec
больше 4 лет назад

Уязвимость функции в upload.php PHP редактора создания форм Machform, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 79%
0.01291
Низкий

CVE ID

CVE-2021-20104

Дефекты

CWE-434