CVE-2018-6411

Name of the Vulnerable Software and Affected Versions Appnitro MachForm versions prior to 4.2.3

Description An issue in Appnitro MachForm allows for SQL Injection through ap form elements when the form filter is set to a whitelist, potentially bypassing dangerous extensions.

Recommendations For versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround, consider setting the form filter to a blacklist to minimize the risk of exploitation. Restrict access to the ap form elements SQL elements to minimize the risk of SQL Injection until the issue is resolved.