CVE-2021-24144

CVE-2021-24144: Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection

Vendor Unknown
Product Contact Form 7 Database Addon
Weakness CWE-74
Published March 18, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.

Key dates

02Disclosure timeline

March 18, 2021 CVE published
August 3, 2024 Record updated