exploitDog

GHSA-jvg2-rvxj-jmp7

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.6

Описание

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.

Ссылки

EPSS

Процентиль: 92%

0.08414

Низкий

9.6 Critical

CVSS3

CVE ID

Дефекты

CWE-1236

Связанные уязвимости

CVE-2018-9035

CVSS3: 9.6

nvd

почти 8 лет назад

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.

EPSS

Процентиль: 92%

0.08414

Низкий

9.6 Critical

CVSS3

CVE ID

Дефекты

CWE-1236