Vulnerabilities > CVE-2018-9107 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acymailing
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection. CVE-2018-9107. Webapps exploit for PHP platform |
file | exploits/php/webapps/44369.txt |
id | EDB-ID:44369 |
last seen | 2018-05-24 |
modified | 2018-03-30 |
platform | php |
port | 80 |
published | 2018-03-30 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44369/ |
title | Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/146993/joomlaacymailingstarter595-inject.txt |
id | PACKETSTORM:146993 |
last seen | 2018-04-03 |
published | 2018-03-31 |
reporter | Sureshbabu Narvaneni |
source | https://packetstormsecurity.com/files/146993/Joomla-Acymailing-Starter-5.9.5-CSV-Macro-Injection.html |
title | Joomla Acymailing Starter 5.9.5 CSV Macro Injection |
References
- https://vel.joomla.org/articles/2140-introducing-csv-injection
- https://vel.joomla.org/articles/2140-introducing-csv-injection
- https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection
- https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection
- https://www.acyba.com/acymailing/change-log.html
- https://www.acyba.com/acymailing/change-log.html
- https://www.exploit-db.com/exploits/44369/
- https://www.exploit-db.com/exploits/44369/