FluentForm < 4.3.13 - CSV Injection vulnerability
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
NVD | CVE-2022-3463 | 7 Nov 2022 10:15 | – | nvd |
Cvelist | CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection | 7 Nov 2022 00:00 | – | cvelist |
Prion | Design/Logic Flaw | 7 Nov 2022 10:15 | – | prion |
WPVulnDB | FluentForm < 4.3.13 - CSV Injection | 17 Oct 2022 00:00 | – | wpvulndb |
CVE | CVE-2022-3463 | 7 Nov 2022 10:15 | – | cve |
OpenVAS | WordPress Contact Form Plugin < 4.3.13 CSV Injection Vulnerability | 2 Jan 2024 00:00 | – | openvas |
Patchstack | WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability | 17 Oct 2022 00:00 | – | patchstack |
- As an unauthenticated user, submit a form using =5+5 as the value in any field
- As admin, export the data as CSV (/wp-admin/admin.php?page=fluent_forms&form_id=1&route=entries)
- Open the CSV with a spreadsheet application (Excel, LibreOffice)
- The CSV formula gets executed
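
The export step is where this class of bug is closed. The following is an added example, not FluentForm's code or its actual fix: it neutralises formula-leading cells before writing the CSV, using the commonly recommended apostrophe prefix. The function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not FluentForm code. Function names are hypothetical.

/**
 * Neutralise a cell that a spreadsheet would evaluate as a formula.
 * A leading =, +, -, @, tab or carriage return triggers evaluation, so such
 * values get a leading apostrophe and are then treated as plain text.
 */
function neutralise_csv_cell($value): string
{
    $value = (string) $value;
    if ($value !== '' && strpbrk($value[0], "=+-@\t\r") !== false) {
        return "'" . $value;
    }
    return $value;
}

/**
 * Serialise entry rows to CSV, neutralising every cell first.
 * fputcsv() quotes cells containing the delimiter, quotes or newlines, so a
 * submitted value cannot break out into a new cell that starts with "=".
 */
function export_entries_csv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        fputcsv($out, array_map('neutralise_csv_cell', $row), ',', '"', '\\');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample entries; the second row carries the =5+5 value from the steps above.
$entries = [
    ['name', 'message'],
    ['Alice', '=5+5'],                     // formula lead character: prefixed
    ['Bob', 'Call me at +1 555 0100'],     // '+' is not the first character: untouched
    ['Carol', '-3 degrees, "feels" like -8'], // leading '-': prefixed, quotes escaped
    ['Dave', "ok,=1+1"],                   // embedded comma: cell is quoted, not split
];

echo export_entries_csv($entries);
```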