CVE-2020-36503

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 8

CVSS2: 6

EPSS Низкий

Описание

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue

Ссылки

https://github.com/Connections-Business-Directory/Connections/issues/474
Exploit
Issue Tracking
Patch
Third Party Advisory
https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec
Exploit
Third Party Advisory
https://github.com/Connections-Business-Directory/Connections/issues/474
Exploit
Issue Tracking
Patch
Third Party Advisory
https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connections-pro:connections_business_directory:*:*:*:*:*:wordpress:*:*

Версия от 0.7.3.2 (включая) до 9.6 (включая)

EPSS

Процентиль: 79%

0.01275

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-cv8q-93v6-rxm5

github

больше 3 лет назад