CVE-2018-10258
Shopy Point of Sale v1.0 is affected by a CSV Injection vulnerability (CVE-2018-10258). A low-privilege user can craft data that, when exported to CSV, executes commands on the system. Exploitation details appear in multiple sources, including PoC steps showing adding =cmd|'/C calc'!A1 to a custo...