CVE-2024-6936

Name of the Vulnerable Software and Affected Versions Form Tools version 3.1.1

Description A problematic issue has been found in the Setting Handler component, affecting the file /admin/settings/index.php?page=accounts. The manipulation of the Page Theme argument leads to code injection. This issue can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For version 3.1.1, consider disabling the Page Theme argument in the /admin/settings/index.php?page=accounts file as a temporary workaround until a patch is available. Restrict access to the Setting Handler component to minimize the risk of exploitation. Avoid using the Page Theme argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.