mailform version 1.04 allows remote malicious users to execute arbitrary PHP code via unspecified vectors.
mailform mailform 1.04