CVE-2018-10063 - The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using

CVE-2018-10063

Summary

The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.

References

https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
https://www.exploit-db.com/exploits/44447/
https://www.tassos.gr/blog/convert-forms-2-0-4-security-release

Vulnerable Configurations

cpe:2.3:a:convert_forms_project:convert_forms:2.0.3:*:*:*:*:joomla\!:*:*
cpe:2.3:a:convert_forms_project:convert_forms:2.0.3:*:*:*:*:joomla\!:*:*

CVSS

Base:	6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
exploit-db	44447
misc	https://www.tassos.gr/blog/convert-forms-2-0-4-security-release

Last major update

03-10-2019 - 00:03

Published

12-04-2018 - 19:29

Last modified

03-10-2019 - 00:03