Описание
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.
Ссылки
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:easyregistrationforms:easy_registration_forms:2.0.6:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 77%
0.01048
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-1236
Связанные уязвимости
github
больше 3 лет назад
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.
EPSS
Процентиль: 77%
0.01048
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-1236