Cforms & CformsII <= 14.7 - Remote Code Execution via Unauthorised File Upload

Affects Plugins

fixed in version 14.8
no known fix - plugin closed

References

CVE 2014-9473
ExploitDB 35879
PacketStorm 129762
URL https://www.securityfocus.com/archive/1/534349/30/0/threaded

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter pvdl & Bastian Germann
Views 5623
Verified No
WPVDB ID 7752

Timeline

Publicly Published 2014-12-30 (over 5 years ago)
Added 2015-01-13 (over 5 years ago)
Last Updated 2019-11-01 (7 months ago)
