Cforms & CformsII < 14.13 – SQL Injection | CVE 2017-18570

Affects Plugins

cforms2

Fixed in 14.13

cforms

No known fix

References

CVE

CVE-2017-18570

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Verified

No

WPVDB ID

48fcefda-f067-433d-b1ae-47b867a93edb

Timeline

Publicly Published

2017-04-24 (about 8 years ago)

Added

2019-08-24 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-04-26

Title

ProfileGrid < 5.7.2 - Authenticated (Contributor+) SQL Injection

Published

2025-11-11

Title

Specific Content For Mobile – Customize the mobile version without redirections < 0.5.6 - Authenticated (Contributor+) SQL Injection

Published

2024-04-16

Title

SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton

Published

2026-03-25

Title

JS Help Desk – AI-Powered Support & Ticketing System < 3.0.5 - Unauthenticated SQL Injection via 'multiformid' Parameter

Published

2025-05-29

Title

Infility Global <= 2.14.52 - Subscriber+ SQL Injection