Vulnerabilities > CVE-2018-11526 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

exploit available

NVD

Published: 2018-06-19

Updated: 2020-08-24

Summary

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

Part	Description	Count
Application	Webtoffee Webtoffee Wordpress Comments Import AND Export 1.0.0 Webtoffee Wordpress Comments Import AND Export 1.0.1 Webtoffee Wordpress Comments Import AND Export 1.0.2 Webtoffee Wordpress Comments Import AND Export 1.0.3 Webtoffee Wordpress Comments Import AND Export 1.0.4 Webtoffee Wordpress Comments Import AND Export 2.0.0 Webtoffee Wordpress Comments Import AND Export 2.0.1 Webtoffee Wordpress Comments Import AND Export 2.0.2 Webtoffee Wordpress Comments Import AND Export 2.0.3 Webtoffee Wordpress Comments Import AND Export 2.0.4	10

description	Wordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection. CVE-2018-11526. Webapps exploit for PHP platform
file	exploits/php/webapps/44940.txt
id	EDB-ID:44940
last seen	2018-06-25
modified	2018-06-25
platform	php
port	80
published	2018-06-25
reporter	Exploit-DB
source	https://www.exploit-db.com/download/44940/
title	Wordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection
type	webapps

data source	https://packetstormsecurity.com/files/download/148293/wpcie-csvinject.txt
id	PACKETSTORM:148293
last seen	2018-06-26
published	2018-06-25
reporter	Bhushan B. Patil
source	https://packetstormsecurity.com/files/148293/WordPress-Comments-Import-And-Export-CSV-Injection.html
title	WordPress Comments Import And Export CSV Injection