Vulnerabilities > CVE-2018-10258 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Codeslab Shopy Point of Sale 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Shopy Point of Sale 1.0 - CSV Injection. CVE-2018-10258. Webapps exploit for PHP platform |
| file | exploits/php/webapps/44534.txt |
| id | EDB-ID:44534 |
| last seen | 2018-05-24 |
| modified | 2018-04-25 |
| platform | php |
| port | |
| published | 2018-04-25 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44534/ |
| title | Shopy Point of Sale 1.0 - CSV Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/147362/shopypos10-inject.txt |
| id | PACKETSTORM:147362 |
| last seen | 2018-04-27 |
| published | 2018-04-26 |
| reporter | 8bitsec |
| source | https://packetstormsecurity.com/files/147362/Shopy-Point-Of-Sale-1.0-CSV-Injection.html |
| title | Shopy Point Of Sale 1.0 CSV Injection |