CVE-2015-2798

CRITICAL

Web-dorado Contact Form Maker - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC

by TUNISIAN CYBER · textwebappsphp

https://www.exploit-db.com/exploits/36561

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73903

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/36561/

Scores

CVSS v3 9.8

EPSS 0.0100

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

web-dorado/contact_form_maker 1.0.1

Published Jul 25, 2017

Tracked Since Feb 18, 2026