CVE-2020-28848 Information

Description

CSV Injection vulnerability in ChurchCRM version 4.2.0 allows remote attackers to execute arbitrary code via crafted CSV file.

Reference

https://github.com/ChurchCRM/CRM/issues/5465