WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Connections Business Directory < 9.7 - Admin+ CSV Injection

Description

The plugin does not validate or sanitise some connections' fields, which could lead to a CSV injection issue

Proof of Concept

1. Visit https://example.com/wordpress/wp-admin/admin.php?page=connections_add
2. In the input filed add payload @SUM(1+1)*cmd|' /C calc'!A0
3. Visit Connections Tools and then click on Export All
4. It will download a file cn-export-all-MM-DD-YYYY.csv open it with Microsoft Excel

Affects Plugins

connections
Fixed in version 9.7

References

CVE
CVE-2020-36503
URL
https://github.com/Connections-Business-Directory/Connections/issues/474

Classification

Type

CSV INJECTION

OWASP top 10
A1: Injection
CWE
CWE-1236

Miscellaneous

Original Researcher

Rudra Sarkar

Verified

Yes

WPVDB ID
dd394b55-c86f-4fa2-aae8-5903ca0b95ec

Timeline

Publicly Published

2020-05-29 (about 2 years ago)

Added

2021-10-25 (about 1 years ago)

Last Updated

2022-04-13 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin