WordPress Plugin Vulnerabilities

Connections Business Directory < 9.7 - Admin+ CSV Injection

Description

The plugin does not validate or sanitise some connections' fields, which could lead to a CSV injection issue

Proof of Concept

1. Visit https://example.com/wordpress/wp-admin/admin.php?page=connections_add
2. In the input filed add payload @SUM(1+1)*cmd|' /C calc'!A0
3. Visit Connections Tools and then click on Export All
4. It will download a file cn-export-all-MM-DD-YYYY.csv open it with Microsoft Excel

Affects Plugins

Plugin icon
connections
Fixed in 9.7

References

CVE
CVE-2020-36503
URL
https://github.com/Connections-Business-Directory/Connections/issues/474

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
4.0 (medium)

Miscellaneous

Original Researcher
Rudra Sarkar
Verified
Yes
WPVDB ID
dd394b55-c86f-4fa2-aae8-5903ca0b95ec

Timeline

Publicly Published
2020-05-29 (about 3 years ago)
Added
2021-10-25 (about 2 years ago)
Last Updated
2022-04-13 (about 1 years ago)

Other

Published
Title
Published
2022-11-17
Title
Export Users With Meta <= 0.6.10 - Subscriber+ CSV Injection
Published
2023-11-07
Title
1003 Mortgage Application < 1.80 - Improper Neutralization of Formula Elements in a CSV File
Published
2023-11-07
Title
Posts and Users Stats < 1.1.4 - Improper Neutralization of Formula Elements in a CSV File
Published
2022-09-25
Title
Activity Log < 2.8.4 - CSV Injection
Published
2022-10-17
Title
FluentForm < 4.3.13 - CSV Injection