Vulnerability Details CVE-2018-10063
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
- https://www.exploit-db.com/exploits/44447/
- https://www.tassos.gr/blog/convert-forms-2-0-4-security-release
- https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
- https://www.exploit-db.com/exploits/44447/
- https://www.tassos.gr/blog/convert-forms-2-0-4-security-release
Products affected by CVE-2018-10063
-
cpe:2.3:a:convert_forms_project:convert_forms:2.0.3