The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-07-25T12:47:55
Updated: 2022-07-25T12:47:54
Reserved: 2022-06-28T00:00:00
Link: CVE-2022-2240
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-25T13:15:08.563
Modified: 2022-07-29T15:16:17.903
Link: CVE-2022-2240
JSON object: View
Redhat Information
No data.
CWE