GHSA-MQ3X-QGWX-3RFW Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Impact The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Successful exploitation can lead to impacts such ...