Published: 04/04/2018 Updated: 24/08/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Contact-form-7-to-database-extension Project

CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote malicious users to inject spreadsheet formulas into CSV files via the contact form.

Vulnerable Product	Search on Vulmon	Subscribe to Product
contact-form-7-to-database-extension project contact-form-7-to-database-extension

# Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection # Date: 23-03-2018 # Exploit Author : Stefan Broeder # Contact : twittercom/stefanbroeder # Vendor Homepage: None # Software Link: wordpressorg/plugins/contact-form-7-to-database-extension # Version: 21032 # CVE : CVE-2018-9035 # Category : we ...

WordPress Contact Form 7 to Database Extension plugin version 21032 suffers from a CSV injection vulnerability ...

CWE-1236 https://www.exploit-db.com/exploits/44367/https://nvd.nist.gov https://www.exploit-db.com/exploits/44367/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9035

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect