A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.
References
Link | Resource |
---|---|
https://www2.deloitte.com/de/de/pages/risk/articles/wordpress-csv-injection.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-08T18:00:17
Updated: 2019-11-08T18:00:17
Reserved: 2019-10-16T00:00:00
Link: CVE-2019-17661
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-08T18:15:13.527
Modified: 2024-02-14T17:00:29.027
Link: CVE-2019-17661
JSON object: View
Redhat Information
No data.
CWE