Vulnerability Details CVE-2018-9035
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.088
EPSS Ranking 92.2%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 6.8
Products affected by CVE-2018-9035
-
Contact-Form-7-To-Database-Extension Project » Contact-Form-7-To-Database-Extension » Version: 2.10.30cpe:2.3:a:contact-form-7-to-database-extension_project:contact-form-7-to-database-extension:2.10.30
-
Contact-Form-7-To-Database-Extension Project » Contact-Form-7-To-Database-Extension » Version: 2.10.31cpe:2.3:a:contact-form-7-to-database-extension_project:contact-form-7-to-database-extension:2.10.31
-
Contact-Form-7-To-Database-Extension Project » Contact-Form-7-To-Database-Extension » Version: 2.10.32cpe:2.3:a:contact-form-7-to-database-extension_project:contact-form-7-to-database-extension:2.10.32