CVE-2013-4949

Name of the Vulnerable Software and Affected Versions Machform version 2

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a PHP file to the upload form's directory in data/, then accessing it via a direct request. This is due to an unrestricted file upload vulnerability in view.php.

Recommendations For Machform version 2, consider restricting file uploads to only allowed file types to prevent the execution of arbitrary PHP code. As a temporary workaround, restrict access to the upload form's directory in data/ to minimize the risk of exploitation.