Vulnerabilities > CVE-2018-11526 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
webtoffee
CWE-1236
exploit available

Summary

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

Exploit-Db

descriptionWordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection. CVE-2018-11526. Webapps exploit for PHP platform
fileexploits/php/webapps/44940.txt
idEDB-ID:44940
last seen2018-06-25
modified2018-06-25
platformphp
port80
published2018-06-25
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44940/
titleWordpress Plugin Comments Import & Export < 2.0.4 - CSV Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148293/wpcie-csvinject.txt
idPACKETSTORM:148293
last seen2018-06-26
published2018-06-25
reporterBhushan B. Patil
sourcehttps://packetstormsecurity.com/files/148293/WordPress-Comments-Import-And-Export-CSV-Injection.html
titleWordPress Comments Import And Export CSV Injection