Description
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:machform:machform:4.2.3:*:*:*:*:*:*:*
EPSS
Percentile: 94%
0.12669
Medium
5.3 Medium
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.