Описание
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:solarwinds:webhelpdesk:12.7.1:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01048
Низкий
7.8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-1236
Связанные уязвимости
github
больше 3 лет назад
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
EPSS
Процентиль: 77%
0.01048
Низкий
7.8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-1236