Vulnerabilities > CVE-2021-24144 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Ciphercoin Contact Form 7 Database Addon

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ciphercoin

CWE-1236

NVD

Published: 2021-03-18

Updated: 2022-11-14

Summary

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.

Vulnerable Configurations

Part	Description	Count
Application	Ciphercoin Ciphercoin Contact Form 7 Database Addon 1.0.0 Ciphercoin Contact Form 7 Database Addon 1.2.4.10 Ciphercoin Contact Form 7 Database Addon 1.2.4.11 Ciphercoin Contact Form 7 Database Addon 1.2.5 Ciphercoin Contact Form 7 Database Addon 1.2.5.3 Ciphercoin Contact Form 7 Database Addon 1.2.5.4	6

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://wpscan.com/vulnerability/143cdaff-c536-4ff9-8d64-c617511ddd48