CVE-2018-11525
HIGH
Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-11525. PoCs published by Bhushan B. Patil.
AI-analyzed exploit summary
This exploit demonstrates a CSV injection vulnerability in WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4. The payload @SUM(1+1)*cmd|' /C calc'!A0 is injected into form fields, which executes arbitrary commands when a privileged user opens the exported CSV file.
Description
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
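One way an export routine can keep such form-field values inert when the CSV is opened in a spreadsheet, shown as an added example (not the plugin's code and not its actual fix). The function names `neutralize_cell` and `export_orders_csv` and the sample rows are constructed for illustration; the trigger characters are the set OWASP lists for CSV injection.

```php
<?php
declare(strict_types=1);

// Leading characters that make a spreadsheet evaluate a cell as a formula
// (OWASP CSV injection guidance: = + - @ TAB CR).
const FORMULA_TRIGGERS = "=+-@\t\r";

// Hypothetical helper: return the value as text a spreadsheet will not evaluate.
function neutralize_cell(string $value): string
{
    // Plain numbers such as "-5.00" are harmless and should stay numeric.
    if (is_numeric($value)) {
        return $value;
    }
    // Leading spaces do not stop some applications from parsing a formula.
    $trimmed = ltrim($value, ' ');
    if ($trimmed !== '' && strpos(FORMULA_TRIGGERS, $trimmed[0]) !== false) {
        // A leading apostrophe forces the cell to be treated as literal text.
        return "'" . $value;
    }
    return $value;
}

// Hypothetical export routine: neutralize every cell, then let fputcsv()
// handle quoting of delimiters, quotes and newlines.
function export_orders_csv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        $cells = array_map('neutralize_cell', array_map('strval', $row));
        fputcsv($out, $cells, ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample orders; the second row carries the payload quoted above
// in a customer-controlled field.
$rows = [
    ['order_id', 'billing_first_name', 'total'],
    ['1001', "@SUM(1+1)*cmd|' /C calc'!A0", '-5.00'],
    ['1002', 'Alice', '19.99'],
];
echo export_orders_csv($rows);
```

The neutralization has to run at export time on every customer-controlled field, because the value is harmless in the database and only becomes active in the spreadsheet application.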
Exploits (1)
References (3)
Scores
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H