CVE-2010-5038

2011-11-0221:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

High

EPSS

0.012

Percentile

85.3%

JSON

PHP remote file inclusion vulnerability in contact/contact.php in Groone’s Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

References

packetstormsecurity.org/1005-exploits/groonescf-rfi.txt

securityreason.com/securityalert/8523

www.securityfocus.com/archive/1/511551/100/0/threaded

www.vupen.com/english/advisories/2010/1291