Описание
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:surveyking_project:surveyking:0.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01201
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-1236
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
EPSS
Процентиль: 79%
0.01201
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-1236