Vulnerabilities (CVE)

Filtered by vendor Chronoengine Subscribe

Filtered by product Chronoforms

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-47135	1 Chronoengine	1 Chronoforms	2023-12-10	N/A	8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.
CVE-2008-0567	1 Chronoengine	1 Chronoforms	2023-12-10	7.5 HIGH	N/A
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.