Lucene search
PRIOn knowledge basePRION:CVE-2022-4034HistoryNov 29, 2022 - 9:15 p.m.
Input validation
2022-11-2921:15:00
PRIOn knowledge base
www.prio-n.com
2
wordpress
csv injection
appointment hour booking
unauthenticated attackers
code execution
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site’s administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
| CPE | Name | Operator | Version |
|---|---|---|---|
| appointment_hour_booking | le | 1.3.72 |
Related
cvelist
cvelist
CVE-2022-4034
2022-11-29 20:30:15
cnvd
cnvd
WordPress Appointment Hour Booking plugin has CSV injection vulnerability
2022-11-30 00:00:00
githubexploit
githubexploit
nvd
nvd
CVE-2022-4034
2022-11-29 21:15:12
cve
cve
CVE-2022-4034
2022-11-29 21:15:12
wpvulndb
wpvulndb
Appointment Hour Booking < 1.3.73 - CSV Injection
2022-11-29 00:00:00
openvas
openvas
WordPress Appointment Hour Booking Plugin < 1.3.73 Multiple Vulnerabilities
2023-08-11 00:00:00