CVE-2019-17661

{"id": "CVE-2019-17661", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-11-08T18:15:13.527", "references": [{"url": "https://www2.deloitte.com/de/de/pages/risk/articles/wordpress-csv-injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www2.deloitte.com/de/de/pages/risk/articles/wordpress-csv-injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC."}, {"lang": "es", "value": "Una inyecci\u00f3n CSV en el plugin codepress-admin-columns (tambi\u00e9n se conoce como Admin Columns) versi\u00f3n 3.4.6 para WordPress, permite a usuarios maliciosos conseguir el control remoto de otras computadoras. Mediante la selecci\u00f3n del c\u00f3digo de la f\u00f3rmula como su nombre o apellido, un atacante puede crear un usuario con un nombre que contenga c\u00f3digo malicioso. Otros usuarios pueden descargar estos datos como un archivo CSV y corromper su PC abri\u00e9ndolos en una herramienta como Microsoft Excel. El atacante podr\u00eda conseguir acceso remoto a la PC del usuario."}], "lastModified": "2024-11-21T04:32:43.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:admincolumns:admin_columns:3.4.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AA5A6F1A-1082-4D06-AF52-09834770FD26"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}