PT-2024-37975 · Unknown · Form Tools

Dee.Mirage · Published 2024-07-21 · Updated 2024-10-01 · CVE-2024-6937

CVSS v2.0: 3.3 (Low)
Vector: AV:N/AC:L/Au:M/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Form Tools version 3.1.1

Description
A problematic issue was found in the Import Option List component, specifically affecting the curl_exec function in the /admin/forms/option_lists/edit.php file. The manipulation of the url argument leads to file inclusion, and it is possible to launch the attack remotely. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this disclosure but did not respond.

Recommendations
For version 3.1.1, consider disabling the curl_exec function in the /admin/forms/option_lists/edit.php file as a temporary workaround until a patch is available. Restrict access to the Import Option List component to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved.
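
Where the import feature cannot be switched off, the url value can be constrained before it reaches curl_exec. The following is an added example, not Form Tools code and not a vendor patch; the function name fetch_option_list, the timeouts and the IPv4-only resolution are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from Form Tools.
declare(strict_types=1);

/**
 * Fetch a remote option list, accepting only plain http(s) URLs that
 * resolve to a public IPv4 address. Throws on any rejected URL.
 */
function fetch_option_list(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('URL must be absolute');
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        // Rejects file:// and the other non-web schemes curl supports.
        throw new InvalidArgumentException('Only http and https are allowed');
    }

    // Resolve once; gethostbyname() returns its input unchanged on failure,
    // which then fails the IP validation below.
    $ip = gethostbyname($parts['host']);
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        throw new InvalidArgumentException('Host is not a public address');
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false, // a redirect would bypass the checks
        // Pin the connection to the address validated above.
        CURLOPT_RESOLVE         => ["{$parts['host']}:{$port}:{$ip}"],
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    $error = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException('Fetch failed: ' . $error);
    }
    return $body;
}
```

The scheme check and CURLOPT_PROTOCOLS overlap on purpose: the first gives a clear rejection message, the second is enforced by libcurl itself even if the validation code is later changed.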

Related Identifiers

CVE-2024-6937

Affected Products

Form Tools