Lucene search
MitreCVELIST:CVE-2020-9372HistoryMar 04, 2020 - 6:12 p.m.
CVE-2020-9372
2020-03-0418:12:31
mitre
www.cve.org
0.011 Low
EPSS
Percentile
84.6%
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
Related
cve
cve
CVE-2020-9372
2020-03-04 19:15:13
wpvulndb
wpvulndb
Appointment Booking Calendar < 1.3.35 - CSV Injection
2020-03-04 00:00:00
patchstack
patchstack
prion
prion
Input validation
2020-03-04 19:15:00
nvd
nvd
CVE-2020-9372
2020-03-04 19:15:13
exploitpack
exploitpack
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
2020-03-12 00:00:00
packetstorm
packetstorm
WordPress Appointment Booking Calendar 1.3.34 CSV Injection
2020-03-12 00:00:00
exploitdb
exploitdb
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
2020-03-12 00:00:00