wpexploit · Francesco Carlucci · WPEX-ID:689B4C42-C516-4C57-8EC7-3A6F12A3594E
History: Oct 03, 2022 - 12:00 a.m.

Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

2022-10-03 00:00:00
Francesco Carlucci
180
bestwebsoft
csv injection
post to csv

EPSS

0.003

Percentile

68.8%

The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection.

- create a post using =5+5 as the title
- export the data as CSV (/wp-admin/admin.php?page=post-to-csv.php)
- open the CSV with a spreadsheet application (Excel, LibreOffice)
- the CSV formula gets executed
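
The export step above, as an added example (not the plugin's code or the vendor's fix): a PHP CSV writer run once without and once with neutralisation of cells that begin with a formula character. The function names, the trigger list and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from the Post to CSV plugin.

// Leading characters that make a spreadsheet parse a cell as a formula.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

// Prefix an apostrophe so the spreadsheet treats the cell as plain text.
function neutralize_cell(string $value): string
{
    if ($value !== '' && in_array($value[0], FORMULA_TRIGGERS, true)) {
        return "'" . $value;
    }
    return $value;
}

// Build the CSV in memory; fputcsv() quotes commas, quotes and newlines,
// but does nothing about a leading '=' on its own.
function export_rows(array $rows, bool $neutralize): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        $cells = array_map('strval', $row);
        if ($neutralize) {
            $cells = array_map('neutralize_cell', $cells);
        }
        fputcsv($out, $cells, ',', '"', '\\');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample rows; the title of post 2 is the one from the steps above.
$rows = [
    ['ID', 'post_title', 'post_author'],
    ['1', 'Hello world', 'admin'],
    ['2', '=5+5', 'author1'],
    ['3', '-1 degrees today', 'author1'],
];

echo "--- unescaped export: the title of post 2 is evaluated ---\n";
echo export_rows($rows, false);
echo "--- neutralised export: the title of post 2 is shown as text ---\n";
echo export_rows($rows, true);
```

The apostrophe prefix also changes legitimate values such as the title of post 3, so anything that re-imports the file has to strip it again.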
