Skip to main content

Mailform

4 CVEs product

Monthly

CVE-2023-27507 CRITICAL Act Now

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-27397 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-5553 CRITICAL Act Now

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Mailform
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-5552 MEDIUM This Month

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailform
NVD
CVSS 3.1
6.1
EPSS
0.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Mailform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mailform
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy