Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve@huntrdevCVE-2022-1544
HistoryMay 01, 2022 - 12:15 p.m.

CVE-2022-1544

2022-05-0112:15:07
CWE-1236
@huntrdev
web.nvd.nist.gov
70
2
cve-2022-1544
formula injection
csv injection
github
luyadev/yii-helpers
nvd
security advisory

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.0%

JSON

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data.

Affected configurations

Nvd
Node
luyayii-helpersRange<1.2.1
VendorProductVersionCPE
luyayii-helpers*cpe:2.3:a:luya:yii-helpers:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "luyadev/yii-helpers",
    "vendor": "luyadev",
    "versions": [
      {
        "lessThan": "1.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

osv 2
huntr 1
github 1
veracode 2
prion 1
cvelist 1
nvd 1
osv
osv
CVE-2022-1544
2022-05-01 12:15:07
Improper neutralization of formula elements in yii-helpers
2022-05-03 00:00:46
huntr
huntr
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File
2022-04-01 17:54:17
github
github
Improper neutralization of formula elements in yii-helpers
2022-05-03 00:00:46
veracode
veracode
CSV Injection
2022-05-04 15:53:25
CSV Injection
2022-05-05 08:09:00
prion
prion
Command injection
2022-05-01 12:15:00
cvelist
cvelist
CVE-2022-1544 Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers
2022-05-01 11:45:12
nvd
nvd
CVE-2022-1544
2022-05-01 12:15:07

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.0%

JSON
Related for CVE-2022-1544
osv2huntr1github1veracode2prion1cvelist1nvd1