Lucene search

@huntrdevCVELIST:CVE-2023-3493

HistoryJun 30, 2023 - 9:14 p.m.

CVE-2023-3493 Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling

2023-06-3021:14:49

CWE-1236

@huntrdev

www.cve.org

cve

csv file

formula elements

fossbilling

github repository

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON

Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CNA Affected

[
  {
    "vendor": "fossbilling",
    "product": "fossbilling/fossbilling",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.5.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc

huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON

Related for CVELIST:CVE-2023-3493