Description
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 8.0.0
cpe:2.3:a:sahipro:sahi_pro:*:*:*:*:*:*:*:*
EPSS
Percentile: 59%
0.00376
Low
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-1236
Related vulnerabilities
github
more than 3 years ago
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.
EPSS
Percentile: 59%
0.00376
Low
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-1236