Vulnerabilities > CVE-2019-13181 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
solarwinds
CWE-1236
NVD
Published: 2019-12-16
Updated: 2020-08-24

Summary

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

Vulnerable Configurations

Part Description Count
Application
Solarwinds
1

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/155673/servuftpcsv-inject.txt
idPACKETSTORM:155673
last seen2019-12-16
published2019-12-16
reporterRichard Tan
sourcehttps://packetstormsecurity.com/files/155673/Serv-U-FTP-Server-15.1.7-CSV-Injection.html
titleServ-U FTP Server 15.1.7 CSV Injection

References