3 matches found
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
CVE-2020-28848
ChurchCRM 4.2.0 contains a CSV injection vulnerability enabling remote code execution via crafted CSV files. The issue stems from improperly neutralized formula elements in CSV input, allowing an attacker to run arbitrary code on affected systems. CVSS v3.1 assesses base score 8.8 (High) with Net...