Vulnerabilities > CVE-2018-10504 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
web-dorado
CWE-1236
exploit available

Summary

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

Vulnerable Configurations

Part Description Count
Application
Web-Dorado
1

Exploit-Db

descriptionWordPress Plugin Form Maker 1.12.20 - CSV Injection. CVE-2018-10504. Webapps exploit for PHP platform
fileexploits/php/webapps/44559.txt
idEDB-ID:44559
last seen2018-05-24
modified2018-04-30
platformphp
port
published2018-04-30
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44559/
titleWordPress Plugin Form Maker 1.12.20 - CSV Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147408/wpformmaker11220-inject.txt
idPACKETSTORM:147408
last seen2018-05-07
published2018-04-30
reporterJetty Sairam
sourcehttps://packetstormsecurity.com/files/147408/WordPress-Form-Maker-1.12.20-CSV-Injection.html
titleWordPress Form Maker 1.12.20 CSV Injection