Lucene search
Varun thoratWPEX-ID:62BE0991-F095-43CF-A167-3DAAED254594HistoryAug 17, 2022 - 12:00 a.m.
Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
2022-08-1700:00:00
Varun thorat
245
mobile events manager
admin+
csv injection
enquiry source
event
transaction
spreadsheet application
malicious csv
0.002 Low
EPSS
Percentile
61.3%
The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.
Export events with malicious CSV:
1. Create and save a new Enquiry source and add the following in the name field: =Calc|A!Z
2. Create and save a new Event with test information and select our malicious CSV payload from the dropdown of "Enquiry source"
3. Victim generate CSV file export and download it
Export transaction with malicious CSV:
1. Add transaction & enter 'Paid from" as malicious CSV script =Calc|A!Z & save the transaction
2. Victim generate CSV file export and download it
The malicious CSV script is executed when the file is opened by the victim in a spreadsheet application.
Related
prion
prion
Input validation
2022-09-16 09:15:00
patchstack
patchstack
cvelist
cvelist
CVE-2022-1194 Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
2022-09-16 08:40:25
nvd
nvd
CVE-2022-1194
2022-09-16 09:15:10
cve
cve
CVE-2022-1194
2022-09-16 09:15:10
wpvulndb
wpvulndb
Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
2022-08-17 00:00:00