Vulnerabilities > CVE-2020-24707 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Getgophish Gophish

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
getgophish
CWE-1236
critical

Summary

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.