8.8
CVE-2020-22275
- EPSS 1.05%
- Veröffentlicht 04.11.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:13:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginEasy Registration Forms <= 2.0.6 - CSV Injection
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.
Mögliche Gegenmaßnahme
Easy Registration Forms: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Easy Registration Forms
Version
*-2.0.6
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Easyregistrationforms ≫ Easy Registration Forms Version2.0.6 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.755 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.