Vulnerabilities > CVE-2018-10255 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Clustercoding Blog Master PRO 1.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Blog Master Pro 1.0 - CSV Injection. CVE-2018-10255. Webapps exploit for PHP platform |
| file | exploits/php/webapps/44535.txt |
| id | EDB-ID:44535 |
| last seen | 2018-05-24 |
| modified | 2018-04-25 |
| platform | php |
| port | |
| published | 2018-04-25 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44535/ |
| title | Blog Master Pro 1.0 - CSV Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/147363/blogmasterpro10-inject.txt |
| id | PACKETSTORM:147363 |
| last seen | 2018-04-27 |
| published | 2018-04-26 |
| reporter | 8bitsec |
| source | https://packetstormsecurity.com/files/147363/Blog-Master-Pro-1.0-CSV-Injection.html |
| title | Blog Master Pro 1.0 CSV Injection |