Title:WordPress Contact Form 7 to Database Extension插件输入验证错误漏洞 (CVE-2018-9035) Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。Contact Form 7 to Database Extension plugin是使用在其中的一个用于连接Web表单和数据库的插件。 WordPress Contact Form 7 to Database Extension插件2.10.32版本中的ExportToCsvUtf8.php文件中存在CSV注入漏洞。远程攻击者可借助联系表单利用该漏洞将电子表格公
Description
CVE 2018-9035: CSV Injection in Wordpress with plugin Contact Form 7 to Database Extension 2.10.3
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.