Vulnerabilities > CVE-2018-10063 - Unspecified vulnerability in Convert Forms Project Convert Forms 2.0.3
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection). CVE-2018-10063. Webapps exploit for PHP platform |
| file | exploits/php/webapps/44447.txt |
| id | EDB-ID:44447 |
| last seen | 2018-05-24 |
| modified | 2018-04-12 |
| platform | php |
| port | |
| published | 2018-04-12 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44447/ |
| title | Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/147174/joomlaconvertforms203-inject.txt |
| id | PACKETSTORM:147174 |
| last seen | 2018-04-13 |
| published | 2018-04-12 |
| reporter | Jetty Sairam |
| source | https://packetstormsecurity.com/files/147174/Joomla-Convert-Forms-2.0.3-CSV-Injection.html |
| title | Joomla Convert Forms 2.0.3 CSV Injection |
References
- https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
- https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
- https://www.exploit-db.com/exploits/44447/
- https://www.exploit-db.com/exploits/44447/
- https://www.tassos.gr/blog/convert-forms-2-0-4-security-release
- https://www.tassos.gr/blog/convert-forms-2-0-4-security-release