CVE-2020-22275

EUVD-2020-15040
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
easyregistrationformseasy_registration_forms
2.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://uploadboy.com/ty0715vdcii6/886/mp4
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf
https://filebin.net/30ceikgukh268yyj
http://uploadboy.com/ty0715vdcii6/886/mp4
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf
https://filebin.net/30ceikgukh268yyj