RSForm!Pro Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the RSForm!Pro component for Joomla, versions 3.0.0 through 3.3.14. The flaw is in the submission export feature, where filenames were not properly escaped before being exported to CSV. Exploiting it requires administrative access to the export feature.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the vulnerable RSForm!Pro component is installed.

Remediation

Users can update to RSForm!Pro version 3.3.15, which addresses this vulnerability by properly escaping filenames before export. The update is available through the RSJoomla! website.

Added: Jun 11, 2025, 8:19 PM
Updated: Jun 11, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 0.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.