An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-26T22:00:00
Updated: 2024-08-05T06:01:49.253Z
Reserved: 2018-01-30T00:00:00
Link: CVE-2018-6409
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-05-26T22:29:00.370
Modified: 2021-07-01T12:25:47.433
Link: CVE-2018-6409
Redhat
No data.