5078 matches found
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
Design/Logic Flaw
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
ChurchCRM Injection Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM version 4.2.0 suffers from a CSV injection vulnerability that originates from improperly neutralized formula elements in a CSV file, which can be exploited by a remote attacker to execute arbitrary code via a crafted CSV file...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
CVE-2020-28848
ChurchCRM 4.2.0 contains a CSV injection vulnerability enabling remote code execution via crafted CSV files. The issue stems from improperly neutralized formula elements in CSV input, allowing an attacker to run arbitrary code on affected systems. CVSS v3.1 assesses base score 8.8 (High) with Net...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
Chaos - Origin IP Scanning Utility Developed With ChatGPT
chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters. An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served...
PDQ CSV <= 1.0.0 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2023-31221
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions...
CVE-2023-31221
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions...
CVE-2023-31221
CVE-2023-31221 affects the PDQ CSV WordPress plugin (WordPress PDQ CSV) with an Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in versions <= 1.0.0. Monitoring for updates is advised if further details emerge.
CVE-2023-31221 WordPress PDQ CSV Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions...
CVE-2023-31221 WordPress PDQ CSV Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions...
WordPress plugin pdq-csv cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-23243 · Ransom Christofferson · Pdq Csv Plugin
Name of the Vulnerable Software and Affected Versions: Ransom Christofferson PDQ CSV plugin versions prior to 1.0.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 1.0....
WP Ultimate CSV Importer < 7.9.9 - Imported Files Disclosure
Description: The plugin does not protect its imported files, which could allow unauthenticated users to list and view exported files...
WP Ultimate CSV Importer < 7.9.9 - Author+ Privilege Escalation
Description: The plugin does not validate User Metadata, which could allow author and above roles who have been granted access to the plugin settings to update their role to administrator...
CVE-2023-4141
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-4142
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...