Vulnerability Details CVE-2020-22275
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://uploadboy.com/ty0715vdcii6/886/mp4
- https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf
- https://filebin.net/30ceikgukh268yyj
- http://uploadboy.com/ty0715vdcii6/886/mp4
- https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf
- https://filebin.net/30ceikgukh268yyj
Products affected by CVE-2020-22275
-
cpe:2.3:a:easyregistrationforms:easy_registration_forms:2.0.6