CVE-2018-6409
Published 2018-05-26
Priority P3 · 47 · medium · 5.3 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS 14.76% · 96.3th percentile
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| machform | machform | — | — |
CVSS provenance
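| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |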
GHSA
GHSA-7m97-g8f2-fj9g: An issue was discovered in Appnitro MachForm before 4
ghsa_unreviewed·2022-05-13
CVE-2018-6409 [MEDIUM] CWE-22 GHSA-7m97-g8f2-fj9g: An issue was discovered in Appnitro MachForm before 4
Chrome
Stable Channel Update for Desktop: CVE-2020-6409
vendor_chrome·2020-02-04·CVSS 8.8
CVE-2020-6409 [LOW] Stable Channel Update for Desktop: CVE-2020-6409
Stable Channel Update for Desktop
CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V from Karya Technologies on 2019-12-26
[$500][ 881675 ] Low CVE-2020-6410: Insufficient policy enforcement in navigation
Reported by evi1m0 of Bilibili Security Team on 2018-09-07
Severity: low
No detection rules found.
No writeups or analysis indexed.
https://metalamin.github.io/MachForm-not-0-day-EN/
https://www.exploit-db.com/exploits/44804/
https://www.machform.com/blog-machform-423-security-release/
Published: 2018-05-26