CVE-2019-20180

Опубликовано: 09 янв. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 6

EPSS Низкий

Описание

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.

Ссылки

https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8
https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996
Issue Tracking
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10016
Broken Link
https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8
https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996
Issue Tracking
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10016
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*

Версия до 1.9.2 (включая)

EPSS

Процентиль: 86%

0.02881

Низкий

6.8 Medium

CVSS3

6 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-hp3g-5vj7-7hgc