Описание
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
EPSS
Процентиль: 25%
0.00085
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-149
Связанные уязвимости
CVSS3: 9.8
github
около 1 месяца назад
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
EPSS
Процентиль: 25%
0.00085
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-149