Published: 12/04/2018 Updated: 03/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The Convert Forms extension prior to 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
convert forms project convert forms

# Exploit Title: Joomla Extension Convert Forms version 203 is vulnerable to Formula Injection (CSV Injection) # Google Dork: N/A # Date: 12-04-2018 ################################ # Exploit Author: Jetty Sairam ################################ # Software Link: extensionsjoomlaorg/extensions/extension/contacts-and-feedback/forms/conver ...

Joomla Convert Forms extension version 203 suffers from a CSV formula injection vulnerability ...

NVD-CWE-noinfo https://www.tassos.gr/blog/convert-forms-2-0-4-security-release https://www.exploit-db.com/exploits/44447/https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/https://nvd.nist.gov https://www.exploit-db.com/exploits/44447/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-10063

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect