Lucene search

[email protected]CVE-2019-20180

HistoryJan 09, 2020 - 9:15 p.m.

CVE-2019-20180

2020-01-0921:15:00

CWE-1236

[email protected]

web.nvd.nist.gov

100

tablepress

wordpress

cve-2019-20180

csv injection

security vulnerability

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.3%

JSON

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.

CPENameOperatorVersion
tablepress:tablepresstablepressle1.9.2

CPE	Name	Operator	Version
tablepress:tablepress	tablepress	le	1.9.2

References

medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8

wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996

wpvulndb.com/vulnerabilities/10016

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.3%

JSON

Related for CVE-2019-20180

osv1 openvas1 cvelist1 prion1