A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-08T18:00:17
Updated: 2024-08-05T01:47:13.470Z
Reserved: 2019-10-16T00:00:00
Link: CVE-2019-17661
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-08T18:15:13.527
Modified: 2024-02-14T17:00:29.027
Link: CVE-2019-17661
Redhat
No data.