Vulnerabilities > CVE-2018-10257 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | HRSALE The Ultimate HRM 1.0.2 - CSV Injection. CVE-2018-10257. Webapps exploit for PHP platform |
| file | exploits/php/webapps/44536.txt |
| id | EDB-ID:44536 |
| last seen | 2018-05-24 |
| modified | 2018-04-25 |
| platform | php |
| port | |
| published | 2018-04-25 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44536/ |
| title | HRSALE The Ultimate HRM 1.0.2 - CSV Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/147364/hrsalehrm102-inject.txt |
| id | PACKETSTORM:147364 |
| last seen | 2018-04-27 |
| published | 2018-04-26 |
| reporter | 8bitsec |
| source | https://packetstormsecurity.com/files/147364/HRSALE-The-Ultimate-HRM-1.0.2-CSV-Injection.html |
| title | HRSALE The Ultimate HRM 1.0.2 CSV Injection |