Description
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. Input containing an Excel formula is not sanitized by the application. As a result, when an admin downloads the CSV from the backend and opens it, the contents of the cells are executed.
Vulnerable configurations
Configuration 1
cpe:2.3:a:bookingcore:booking_core:1.7.0:*:*:*:*:*:*:*
EPSS: 0.00203 (Low), percentile: 42%
CVSS3: 7.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-1236
Related vulnerabilities
github
more than 3 years ago
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. Input containing an Excel formula is not sanitized by the application. As a result, when an admin downloads the CSV from the backend and opens it, the contents of the cells are executed.