Vulnerabilities > CVE-2022-2240 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Emarketdesign Request a Quote

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

emarketdesign

CWE-1236

NVD

Published: 2022-07-25

Updated: 2022-07-29

Summary

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

Vulnerable Configurations

Part	Description	Count
Application	Emarketdesign Emarketdesign Request A Quote - Emarketdesign Request A Quote 1.0.0 Emarketdesign Request A Quote 1.5.0 Emarketdesign Request A Quote 1.6.0 Emarketdesign Request A Quote 1.7.0 Emarketdesign Request A Quote 1.8.0 Emarketdesign Request A Quote 1.9.0 Emarketdesign Request A Quote 1.9.1 Emarketdesign Request A Quote 1.9.5 Emarketdesign Request A Quote 1.9.6 Emarketdesign Request A Quote 2.0.0 Emarketdesign Request A Quote 2.0.1 Emarketdesign Request A Quote 2.0.2 Emarketdesign Request A Quote 2.0.3 Emarketdesign Request A Quote 2.0.4 Emarketdesign Request A Quote 2.0.5 Emarketdesign Request A Quote 2.1.0 Emarketdesign Request A Quote 2.2.0 Emarketdesign Request A Quote 2.3.0 Emarketdesign Request A Quote 2.3.1 Emarketdesign Request A Quote 2.3.2 Emarketdesign Request A Quote 2.3.3 Emarketdesign Request A Quote 2.3.4 Emarketdesign Request A Quote 2.3.5 Emarketdesign Request A Quote 2.3.6 Emarketdesign Request A Quote 2.3.7	26

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e