Lucene search

K

FluentForm < 4.3.13 - CSV Injection

🗓️ 17 Oct 2022 00:00:00Reported by Francesco CarlucciType 
wpexploit
 wpexploit
👁 75 Views

FluentForm < 4.3.13 - CSV Injection vulnerabilit

Show more
Related
Code
ReporterTitlePublishedViews
Family
NVD
CVE-2022-3463
7 Nov 202210:15
nvd
Cvelist
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection
7 Nov 202200:00
cvelist
Prion
Design/Logic Flaw
7 Nov 202210:15
prion
WPVulnDB
FluentForm < 4.3.13 - CSV Injection
17 Oct 202200:00
wpvulndb
CVE
CVE-2022-3463
7 Nov 202210:15
cve
OpenVAS
WordPress Contact Form Plugin < 4.3.13 CSV Injection Vulnerability
2 Jan 202400:00
openvas
Patchstack
WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability
17 Oct 202200:00
patchstack
- As unauthenticated, submit a form using =5+5 as value in any field

- As admin, export the data as CSV (/wp-admin/admin.php?page=fluent_forms&form_id=1&route=entries)
- open the CSV with a spreadsheet application (Excel, Libre Office)
- the CSV formula gets executed 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Oct 2022 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.003
75
.json
Report