Unrated severityNVD Advisory· Published Feb 4, 2008· Updated Apr 23, 2026

CVE-2008-0560

Description

PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function

Affected products

Contact Forms/Cforms
cpe:2.3:a:contact_forms:cforms:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/3605nvd
www.attrition.org/pipermail/vim/2008-January/001895.htmlnvd
www.securityfocus.com/archive/1/487347/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/40143nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000