exploitDog

CVE-2023-25348

Опубликовано: 25 апр. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.

Ссылки

https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-25348
Exploit
Third Party Advisory
https://github.com/ChurchCRM/CRM
Product
https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-25348
Exploit
Third Party Advisory
https://github.com/ChurchCRM/CRM
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00132

Низкий

7.8 High

CVSS3

Дефекты

CWE-1236

CWE-1236

Связанные уязвимости

GHSA-pwpx-fv8f-9458

CVSS3: 7.8

github

почти 3 года назад

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.

EPSS

Процентиль: 33%

0.00132

Низкий

7.8 High

CVSS3

Дефекты

CWE-1236

CWE-1236