Veracode Vulnerability DatabaseVERACODE:41074Command Injection
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
26.0%
admidio/admidio is vulnerable to CSV Injection. The vulnerability exists due to improper neutralization of formula elements in a CSV file which allows an attacker to execute arbitrary code via a crafted excel file.
References
github.com/Admidio/admidio/commit/3ad58f140f95cde7f18605ff3b54443af19eb9df
github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f
github.com/Admidio/admidio/issues/1433
github.com/Admidio/admidio/releases/tag/v4.2.9
github.com/advisories/GHSA-hm75-8w6h-4f8f
huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a
huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a/
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
26.0%