Vulnerabilities > CVE-2022-27858 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Activity LOG Project Activity LOG

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

activity-log-project

CWE-1236

critical

NVD

Published: 2022-11-08

Updated: 2024-09-16

Summary

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.

Vulnerable Configurations

Part	Description	Count
Application	Activity_Log_Project Activity LOG Project Activity LOG - Activity LOG Project Activity LOG 1.0 Activity LOG Project Activity LOG 1.0.1 Activity LOG Project Activity LOG 1.0.2 Activity LOG Project Activity LOG 1.0.3 Activity LOG Project Activity LOG 1.0.4 Activity LOG Project Activity LOG 1.0.5 Activity LOG Project Activity LOG 1.0.6 Activity LOG Project Activity LOG 1.0.7 Activity LOG Project Activity LOG 1.0.8 Activity LOG Project Activity LOG 2.0.0 Activity LOG Project Activity LOG 2.0.1 Activity LOG Project Activity LOG 2.0.2 Activity LOG Project Activity LOG 2.0.3 Activity LOG Project Activity LOG 2.0.4 Activity LOG Project Activity LOG 2.0.5 Activity LOG Project Activity LOG 2.0.6 Activity LOG Project Activity LOG 2.0.7 Activity LOG Project Activity LOG 2.1.0 Activity LOG Project Activity LOG 2.1.1 Activity LOG Project Activity LOG 2.1.2 Activity LOG Project Activity LOG 2.1.3 Activity LOG Project Activity LOG 2.1.4 Activity LOG Project Activity LOG 2.1.5 Activity LOG Project Activity LOG 2.1.6 Activity LOG Project Activity LOG 2.1.7 Activity LOG Project Activity LOG 2.1.8 Activity LOG Project Activity LOG 2.1.9 Activity LOG Project Activity LOG 2.1.10 Activity LOG Project Activity LOG 2.1.11 Activity LOG Project Activity LOG 2.1.12 Activity LOG Project Activity LOG 2.1.13 Activity LOG Project Activity LOG 2.1.14 Activity LOG Project Activity LOG 2.1.15 Activity LOG Project Activity LOG 2.1.16 Activity LOG Project Activity LOG 2.2.0 Activity LOG Project Activity LOG 2.2.1 Activity LOG Project Activity LOG 2.2.2 Activity LOG Project Activity LOG 2.2.3 Activity LOG Project Activity LOG 2.2.4 Activity LOG Project Activity LOG 2.2.5 Activity LOG Project Activity LOG 2.2.6 Activity LOG Project Activity LOG 2.2.7 Activity LOG Project Activity LOG 2.2.8 Activity LOG Project Activity LOG 2.2.9 Activity LOG Project Activity LOG 2.2.10 Activity LOG Project Activity LOG 2.2.11 Activity LOG Project Activity LOG 2.2.12 Activity LOG Project Activity LOG 2.3.0 Activity LOG Project Activity LOG 2.3.1 Activity LOG Project Activity LOG 2.3.2 Activity LOG Project Activity LOG 2.3.3 Activity LOG Project Activity LOG 2.3.4 Activity LOG Project Activity LOG 2.3.5 Activity LOG Project Activity LOG 2.3.6 Activity LOG Project Activity LOG 2.4.0 Activity LOG Project Activity LOG 2.4.1 Activity LOG Project Activity LOG 2.5.0 Activity LOG Project Activity LOG 2.5.1 Activity LOG Project Activity LOG 2.5.2	60

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://patchstack.com/database/vulnerability/aryo-activity-log/wordpress-activity-log-plugin-2-8-3-csv-injection-vulnerability?_s_id=cve