Vulnerabilities > CVE-2018-9107 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acymailing
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection. CVE-2018-9107. Webapps exploit for PHP platform |
| file | exploits/php/webapps/44369.txt |
| id | EDB-ID:44369 |
| last seen | 2018-05-24 |
| modified | 2018-03-30 |
| platform | php |
| port | 80 |
| published | 2018-03-30 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44369/ |
| title | Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/146993/joomlaacymailingstarter595-inject.txt |
| id | PACKETSTORM:146993 |
| last seen | 2018-04-03 |
| published | 2018-03-31 |
| reporter | Sureshbabu Narvaneni |
| source | https://packetstormsecurity.com/files/146993/Joomla-Acymailing-Starter-5.9.5-CSV-Macro-Injection.html |
| title | Joomla Acymailing Starter 5.9.5 CSV Macro Injection |