CVE-2013-4950
Machform 2 - Cross-Site Scripting via view.php element_2 Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-4950. PoCs published by Yashar shahinzadeh.
AI-analyzed exploit summary This exploit demonstrates arbitrary file upload and SQL injection/XSS vulnerabilities in Machform. The file upload allows attackers to upload malicious PHP shells, while the SQL injection and XSS can be triggered via crafted POST requests.
Description
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
Exploits (1)
This exploit demonstrates arbitrary file upload and SQL injection/XSS vulnerabilities in Machform. The file upload allows attackers to upload malicious PHP shells, while the SQL injection and XSS can be triggered via crafted POST requests.