CVE-2019-17661

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17661
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17661.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17661
Published
2019-11-08T18:15:13Z
Modified
2024-09-03T02:29:44.355312Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC.

References

Affected packages

Git / github.com/codepress/admin-columns

Affected ranges

Type
GIT
Repo
https://github.com/codepress/admin-columns
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.4.1
2.4.2
2.4.7
2.4.8
2.4.9
2.5
2.5.1
2.5.3
2.5.5
2.5.6.3

3.*

3.0
3.0.0
3.0.1
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.1
3.1.10
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.3
3.3.1
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6