ГлавнаяУязвимости → CVE-2018-25135
9.8критическая

CVE-2018-25135

Описание

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.anviz.comhttps://www.exploit-db.com/exploits/45765https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.phphttps://www.exploit-db.com/exploits/45765https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php