PHP Remote File Inclusion Vulnerability in cforms Plugin by Oliver Seidel
CVE-2008-0560
Currently unrated
Summary
The vulnerability stems from inadequate validation in the cforms-css.php file of the cforms plugin developed by Oliver Seidel. Attackers can manipulate the 'tm' parameter to make the script include malicious PHP files from external sources, which may lead to the execution of arbitrary PHP code on the affected server. The vulnerability's applicability to version 7.3 of the plugin has been questioned: that version lacks the vulnerable 'tm' parameter, so a request results in a fatal error instead of code execution. Ensuring users run updated versions of the plugin is critical to maintaining site integrity.