CVE-2008-0560

** DISPUTED ** PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:contact_forms:cforms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-02-04 23:00

Updated : 2024-08-07 08:15


NVD link : CVE-2008-0560

Mitre link : CVE-2008-0560

CVE.ORG link : CVE-2008-0560


JSON object : View

Products Affected

contact_forms

  • cforms
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')