Lucene search
Veracode Vulnerability DatabaseVERACODE:25591HistoryJun 04, 2020 - 3:19 a.m.
CSV Injection
2020-06-0403:19:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
49.7%
october/october is vulnerable to CSV Injection. The vulnerability exists as it does not sanitize the value of $record in ImportExportController.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/october | le | 1.0.465 | |
| october/october | le | 1.0.465 |
References
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/advisories/GHSA-4rhm-m2fp-hx7q
github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a
github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484
github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q
Related
nvd
nvd
CVE-2020-5299
2020-06-03 22:15:11
osv
osv
Potential CSV Injection vector in OctoberCMS
2020-06-03 21:58:35
CVE-2020-5299
2020-06-03 22:15:11
cve
cve
CVE-2020-5299
2020-06-03 22:15:11
prion
prion
Design/Logic Flaw
2020-06-03 22:15:00
cvelist
cvelist
CVE-2020-5299 Potential CSV Injection vector in OctoberCMS
2020-06-03 22:00:18
github
github
Potential CSV Injection vector in OctoberCMS
2020-06-03 21:58:35
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00