Description
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files reads the file path from the database. Modifying the stored file name in the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Exploits (1)
exploitdb (working PoC, verified) by Amine Taouirsa, text / webapps / php: https://www.exploit-db.com/exploits/44804
References (3)
Exploit, Third Party Advisory (x_refsource_misc): https://metalamin.github.io/MachForm-not-0-day-EN/
Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/44804/
Release Notes, Vendor Advisory (x_refsource_misc): https://www.machform.com/blog-machform-423-security-release/
Scores
CVSS v3: 5.3
EPSS: 0.1267
EPSS Percentile: 94.0%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (1): machform/machform 4.2.3
Published: May 26, 2018
Tracked Since: Feb 18, 2026