Cforms & CformsII < 14.6.10 – SQL Injection | CVE 2015-9333

Affects Plugins

cforms2

Fixed in 14.6.10

cforms

No known fix

References

CVE

CVE-2015-9333

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Verified

No

WPVDB ID

619e1ab9-04ac-4c45-a719-3e4b5313a847

Timeline

Publicly Published

2015-04-11 (about 10 years ago)

Added

2019-08-25 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-01-07

Title

WPMU Prefill Post <= 1.02 - Authenticated (Administrator+) SQL Injection

Published

2025-08-05

Title

CleverReach WP < 1.5.21 - Unauthenticated SQL Injection via title

Published

2024-08-07

Title

Slider by 10Web – Responsive Image Slider < 1.2.58 - Authenticated (Contributor+) SQL Injection via id Parameter

Published

2015-05-25

Title

GigPress <= 2.3.8 - Authenticated SQL Injection

Published

2024-07-11

Title

Form Vibes < 1.4.11 - Authenticated (Subscriber+) SQL Injection via fv_export_data