CVE-2024-38773

CRITICAL

Formlift For Infusionsoft Web Forms < 7.5.18 - SQL Injection

Title source: rule

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.

Exploits (1)

github WORKING POC

by Sechunt3r · shellpoc

https://github.com/Sechunt3r/CVE-POCs/tree/main/CVE-2024-38773

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://patchstack.com/database/vulnerability/formlift/wordpress-formlift-plugin-7-5-17-unauthenticated-blind-sql-injection-vulnerability?_s_id=cve

Scores

CVSS v3 9.3

EPSS 0.0029

EPSS Percentile 51.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Classification

CWE

CWE-89

Status published

Affected Products (1)

formlift/formlift_for_infusionsoft_web_forms < 7.5.18

Timeline

Published Jul 22, 2024

Tracked Since Feb 18, 2026