The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.Referenceshttps://www.exploit-db.com/exploits/44447/https://www.tassos.gr/blog/convert-forms-2-0-4-security-releasehttps://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/
