Microengine Mailform vulnerabilities
2 known vulnerabilities affecting microengine/mailform.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2023-27397P2CRITICALCVSS 9.8≥ 1.1.0, < 1.1.92023-05-23
CVE-2023-27397 [CRITICAL] CWE-434 CVE-2023-27397: Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
nvd
CVE-2023-27507P2CRITICALCVSS 9.8≥ 1.1.0, < 1.1.92023-05-23
CVE-2023-27507 [CRITICAL] CWE-22 CVE-2023-27507: MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product'
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
nvd