Описание
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
Ссылки
- Broken Link
- Exploit
- Broken Link
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 8.0 (включая)
cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.0038
Низкий
8 High
CVSS3
Дефекты
CWE-1236
Связанные уязвимости
CVSS3: 8
github
около 2 лет назад
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
EPSS
Процентиль: 59%
0.0038
Низкий
8 High
CVSS3
Дефекты
CWE-1236