China National Vulnerability Database: CNVD-2023-64497
Apr 28, 2023 - 12:00 a.m.

ChurchCRM CSV Injection Vulnerability

2023-04-28 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
churchcrm
csv injection
vulnerability
account creation
arbitrary code execution
open source

EPSS: 0.001 (Low), percentile 25.9%

ChurchCRM is an open source CRM system for churches. ChurchCRM v4.5.3 has a CSV injection vulnerability caused by improper neutralization of formula elements in the last name and first name input fields when creating a new account. An attacker can exploit it to execute arbitrary code via a crafted Excel file.
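The defensive counterpart of this flaw, as an added example (not ChurchCRM's own code, which is PHP, and not part of the CNVD entry): name fields are neutralized at CSV export time, and stored records are audited for formula-like values. The function names, the trigger-character list (taken from common CSV injection guidance) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell as a formula
# (assumed list, following common CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample records: (first_name, last_name). Formulas are harmless.
SAMPLE_ROWS = [
    ("Ana", "Lopez"),
    ("=1+1", "Smith"),
    ("Bo", "@SUM(A1:A2)"),
    ("  +41 79", "Meyer"),   # leading spaces do not hide the trigger
    ("Sean", "O'Brien"),
]


def is_formula_like(value: str) -> bool:
    """True if the cell starts with a trigger, ignoring leading whitespace."""
    return value[:1] in FORMULA_TRIGGERS or value.lstrip()[:1] in FORMULA_TRIGGERS


def neutralize_cell(value: str) -> str:
    """Prefix formula-like cells with a single quote so they render as text."""
    return "'" + value if is_formula_like(value) else value


def export_people(rows) -> str:
    """Write a CSV export with every name cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["first_name", "last_name"])
    for first, last in rows:
        writer.writerow([neutralize_cell(first), neutralize_cell(last)])
    return buf.getvalue()


def audit_people(rows):
    """Return stored records whose names would be evaluated by a spreadsheet."""
    return [row for row in rows if any(is_formula_like(v) for v in row)]


if __name__ == "__main__":
    print(export_people(SAMPLE_ROWS))
    print("records to review:", audit_people(SAMPLE_ROWS))
```

Neutralizing on export protects whoever opens the file; rejecting or flagging such values at account creation keeps them out of the database in the first place.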

CPE | Name | Operator | Version
churchcrm | churchcrm v | eq | 4.5.3
