logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Easy Registration Forms <= 2.0.6 - CSV Injection

Description

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

Affects Plugins

easy-registration-forms

No known fix

References

CVE

CVE-2020-22275

URL

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf

Classification

Type

CSV INJECTION

OWASP top 10

A1: Injection

CWE

CWE-1236

Miscellaneous

Original Researcher

Mohamad Pishdar (cert.ikiu.ac.ir)

Verified

No

WPVDB ID

2f32bcd9-7902-4f05-ab23-2fa50720d90b

Timeline

Publicly Published

2020-11-20 (about 8 months ago)

Added

2020-11-20 (about 8 months ago)

Last Updated

2020-11-21 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin