5078 matches found
Wordpress Plugin Easy Registration Forms (ER Forms) Input Verification Error
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Easy Registration Forms is a Wordpress plugin for implementing form effects. An input validation error vulnerability exists in the...
CVE-2020-22274
JomSocial Joomla Social Network Extention 4.7.6 allows CSV injection via a customer's profile...
CVE-2020-22274
JomSocial Joomla Social Network Extention 4.7.6 allows CSV injection via a customer's profile...
Design/Logic Flaw
JomSocial Joomla Social Network Extention 4.7.6 allows CSV injection via a customer's profile...
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
CVE-2020-22276
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
CVE-2020-22276
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...
Design/Logic Flaw
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
Design/Logic Flaw
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
Input validation
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...
Design/Logic Flaw
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
CVE-2020-22274
JomSocial Joomla Social Network Extention 4.7.6 allows CSV injection via a customer's profile...
CVE-2020-22274
CVE-2020-22274 affects JomSocial (Joomla Social Network Extention) 4.7.6, with a CSV injection flaw exploitable via a customer profile. The vulnerability’s root cause is CSV injection in the profile handling, and CVSS metrics indicate a HIGH/CRITICAL risk (CVSS v3.1: 9.8; network attack, no auth,...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
CVE-2020-22275
The CVE describes a CSV injection in WordPress Easy Registration Forms (ER Forms) plugin v2.0.6, where attacker-supplied entries with malicious CSV commands are not sanitized, enabling code execution when an admin exports CSV data. Affected component: ER Forms plugin for WordPress; root cause: in...