Lucene search

@huntrdevCVE-2023-3302

HistoryJun 23, 2023 - 1:15 p.m.

CVE-2023-3302

2023-06-2313:15:10

CWE-1236

@huntrdev

web.nvd.nist.gov

cve-2023-3302

improper neutralization

formula elements

csv file

github

repository

admidio

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

Affected configurations

Nvd

Node

admidioadmidioRange<4.2.9

VendorProductVersionCPE
admidioadmidio*cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
admidio	admidio	*	cpe:2.3:a:admidio:admidio::::::::

CNA Affected

[
  {
    "vendor": "admidio",
    "product": "admidio/admidio",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.2.9",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f

huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Related for CVE-2023-3302