Lucene search

PatchstackCVE-2022-45348

HistoryNov 07, 2023 - 5:15 p.m.

CVE-2022-45348

2023-11-0717:15:08

CWE-1236

Patchstack

web.nvd.nist.gov

cve-2022-45348

improper neutralization

formula elements

csv file

vulnerability

anmari amr users

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4.

Affected configurations

Nvd

Vulners

Node

anmariamr_usersRange≤4.59.4wordpress

VendorProductVersionCPE
anmariamr_users*cpe:2.3:a:anmari:amr_users:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
anmari	amr_users	*	cpe:2.3:a:anmari:amr_users::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "amr-users",
    "product": "amr users",
    "vendor": "anmari",
    "versions": [
      {
        "lessThanOrEqual": "4.59.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/amr-users/wordpress-amr-users-plugin-4-59-4-csv-injection-vulnerability?_s_id=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Related for CVE-2022-45348