CVE-2022-2240

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
References
Configurations

Configuration 1

cpe:2.3:a:emarketdesign:request_a_quote:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-07-25 01:15

Updated : 2022-07-29 03:16


NVD link : CVE-2022-2240

Mitre link : CVE-2022-2240

Products Affected
No products.
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File