WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Request a Quote <= 2.3.7 - CSV Injection

Description

The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

Proof of Concept

On a page with a Quote Request form, upload the following CSV as an attachment:

"First Name","Last name","Email","Passport Number"
a,"=cmd|' /C calc'!A0","=1+2",d

The CSV injection will happen when an admin will download and open the CSV file from the All Quotes Dashboard

Affects Plugins

request-a-quote
No known fix - plugin closed

References

CVE
CVE-2022-2240

Classification

Type

CSV INJECTION

OWASP top 10
A1: Injection
CWE
CWE-1236

Miscellaneous

Original Researcher

Benachi

Submitter

Benachi

Submitter twitter
teradch
Verified

Yes

WPVDB ID
6a3a573e-f9f2-45ec-9156-332cc551fc7e

Timeline

Publicly Published

2022-06-28 (about 5 months ago)

Added

2022-06-28 (about 5 months ago)

Last Updated

2022-06-28 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin