Vulnerabilities > CVE-2018-9107 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acymailing

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
acyba
CWE-1236
exploit available

Summary

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

Vulnerable Configurations

Part Description Count
Application
Acyba
70

Exploit-Db

descriptionJoomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection. CVE-2018-9107. Webapps exploit for PHP platform
fileexploits/php/webapps/44369.txt
idEDB-ID:44369
last seen2018-05-24
modified2018-03-30
platformphp
port80
published2018-03-30
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44369/
titleJoomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/146993/joomlaacymailingstarter595-inject.txt
idPACKETSTORM:146993
last seen2018-04-03
published2018-03-31
reporterSureshbabu Narvaneni
sourcehttps://packetstormsecurity.com/files/146993/Joomla-Acymailing-Starter-5.9.5-CSV-Macro-Injection.html
titleJoomla Acymailing Starter 5.9.5 CSV Macro Injection