← back
CVE-2018-6411

CVE-2018-6411

EPSS 5.9%
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44804/unverifiedexploitdbwww.exploit-db.com/exploits/44804unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://metalamin.github.io/MachForm-not-0-day-EN/https://www.exploit-db.com/exploits/44804/https://www.machform.com/blog-machform-423-security-release/