What the vulnerability does
01Description
Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
What the vulnerability does
Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1.
Explanation of Vulnerability in Simple Terms
Export Users Data CSV versions up to 2.1 contain an authorization flaw that allows authenticated users to read and modify sensitive data belonging to other users. An attacker with low-level site access can export user information or alter records by manipulating requests. The vulnerability requires user interaction and affects confidentiality and integrity of user data.
What an attacker can do
Read and modify other users' data, including exporting sensitive information or changing user records.
Potential impact on your site
User data can be exposed or altered by attackers with basic site access; user privacy and data integrity are at risk.
Conditions required to exploit
Attacker must have a low-privilege account on the site and trick a user into clicking a malicious link or visiting a crafted page.
Key dates
External resources
Related vulnerabilities