francoisjacquet/rosariosis is vulnerable to CSV Injection. The vulnerability exists because the _listSearch
function of ListOutput.fnc.php
does not properly escape CSV records, which allows an attacker to inject and execute malicious code via a crafted excel file.
CPE | Name | Operator | Version |
---|---|---|---|
francoisjacquet/rosariosis | le | v10.9.4 | |
francoisjacquet/rosariosis | le | v10.9.4 |