Lucene search

[email protected]CVE-2018-10258

HistoryMay 01, 2018 - 7:29 p.m.

CVE-2018-10258

2018-05-0119:29:01

CWE-1236

[email protected]

web.nvd.nist.gov

cve

2018

10258

csv injection

shopy point of sale

nvd

code execution

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

Affected configurations

NVD

Node

codeslabshopy_point_of_saleMatch1.0

CPENameOperatorVersion
codeslab:shopy_point_of_salecodeslab shopy point of saleeq1.0

CPE	Name	Operator	Version
codeslab:shopy_point_of_sale	codeslab shopy point of sale	eq	1.0

References

packetstormsecurity.com/files/147362/Shopy-Point-Of-Sale-1.0-CSV-Injection.html

www.exploit-db.com/exploits/44534/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2018-10258

exploitpack1 packetstorm1 nvd1 zdt1 prion1 cvelist1 exploitdb1