PHP Remote File Inclusion Vulnerability in cforms Plugin by Oliver Seidel
CVE-2008-0560

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cforms
Vendor
CVE Published:
4 February 2008

What is CVE-2008-0560?

The vulnerability is attributed to inadequate validation in the cforms-css.php file of the cforms plugin developed by Oliver Seidel. Attackers can manipulate the 'tm' parameter to include malicious PHP files from external sources, which may lead to the execution of arbitrary PHP code on the affected server. Notably, this vulnerability has sparked discussions regarding its applicability to version 7.3 of the plugin, which lacks the vulnerable 'tm' parameter, resulting in a fatal error instead of code execution. Ensuring users have updated versions of the plugin is critical to maintaining site integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/487347/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.attrition.org/pipermail/vim/2008-January/00189...
mailing-listx_refsource_VIM
https://exchange.xforce.ibmcloud.com/vulnerabilities/40143
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.