Vulnerabilities > CVE-2021-24144 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Ciphercoin Contact Form 7 Database Addon

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
ciphercoin
CWE-1236

Summary

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.