WordPress Plugin Vulnerabilities

Connections Business Directory < 9.7 - Admin+ CSV Injection

Description

The plugin does not validate or sanitise some connections' fields, which could lead to a CSV injection issue

Proof of Concept

1. Visit https://example.com/wordpress/wp-admin/admin.php?page=connections_add
2. In the input filed add payload @SUM(1+1)*cmd|' /C calc'!A0
3. Visit Connections Tools and then click on Export All
4. It will download a file cn-export-all-MM-DD-YYYY.csv open it with Microsoft Excel

Affects Plugins

Plugin icon
connections
Fixed in 9.7

References

CVE
CVE-2020-36503
URL
https://github.com/Connections-Business-Directory/Connections/issues/474

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
4.0 (medium)

Miscellaneous

Original Researcher
Rudra Sarkar
Verified
Yes
WPVDB ID
dd394b55-c86f-4fa2-aae8-5903ca0b95ec

Timeline

Publicly Published
2020-05-29 (about 3 years ago)
Added
2021-10-25 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2023-02-02
Title
Simple History < 3.4.0 - Improper Neutralization of Formula Elements in a CSV File
Published
2022-09-25
Title
Activity Log < 2.8.4 - CSV Injection
Published
2022-11-17
Title
Export Users With Meta <= 0.6.10 - Subscriber+ CSV Injection
Published
2023-01-27
Title
Site Reviews < 6.4.0 - Unauthenticated CSV Injection
Published
2022-10-27
Title
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection