Description
The Appointment Booking Calendar plugin before 1.3.35 for WordPress accepts arbitrary formulas as user input (in fields such as Description or Name) in any booking form. That input can then be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. An attacker could achieve remote code execution via CSV injection.
Software
Not provided
Software type
Plugin
CVE
CVE-2020-9372
Tags
Not provided
Publication date
04/03/2020
Last updated
11/03/2022
CVSS 3.0 score
7.8
High