Impact
- All CSV Exports contain a CSV Injection Vulnerability
- BAG MED Exports
- Statistics Exports
Exploit
- A user enters a malicious formula into one of the exported fields
- Another user exports the data
- Opens the file with an editor like Excel
- The malicious formula is executed
This vulnerability has been discovered at a penetration test. It has not been exploited.
Patches
Workarounds
None
References
For more information
If you have any questions or comments about this advisory:
maennchen Remediation developer
Impact
Exploit
This vulnerability has been discovered at a penetration test. It has not been exploited.
Patches
Workarounds
None
References
For more information
If you have any questions or comments about this advisory: