CVE-2017-9101Code Execution using import.php. We know import.php accept file and just read content not stored in server. But when we stored payload in our backdoor.csv and upload to phonebook. Its execute our payload and show on next page in field (in NAME,MOBILE,Email,Group COde,Tags) accordingly.
