Description
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
References
- Product
- Exploit, Third Party Advisory, VDB Entry
- Product
- Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:tendenci:tendenci:12.3.1:*:*:*:*:*:*:*
EPSS
Percentile: 39%
0.00176
Low
9.8 Critical
CVSS3
Weaknesses
CWE-1236
Related vulnerabilities
CVSS3: 9.8
github
11 days ago
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.