Vulnerabilities > CVE-2021-41824 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Craftcms Craft CMS

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
craftcms
CWE-1236
NVD
Published: 2021-09-30
Updated: 2021-11-30

Summary

Craft CMS before 3.7.14 allows CSV injection.

Vulnerable Configurations

Part Description Count
Application
Craftcms
143

Common Weakness Enumeration (CWE)

References