CVE-2022-22121 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Xgenecloud Nocodb
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
NocoDB versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table and inject payloads into its rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file and opens it, the payload is executed.
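The export-side mitigation for this class of bug, as an added example that is not NocoDB's own code: cells are neutralized following the OWASP CSV Injection guidance (prefix a single quote when a cell starts with `=`, `+`, `-`, `@`, tab or carriage return) and then quoted per RFC 4180. The function names and the sample rows are hypothetical and constructed for illustration; checking past leading whitespace is a conservative assumption.

```javascript
// Characters that make spreadsheet applications treat a cell as a formula.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', '\t', '\r'];

// Return the cell as text that a spreadsheet will not evaluate.
function neutralizeCell(value) {
  if (value === null || value === undefined) return '';
  // Genuine numbers carry no payload; keep them so -5 stays numeric.
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  const text = String(value);
  // Conservative: also inspect the first character after leading whitespace.
  const firstVisible = text.trimStart().charAt(0);
  const risky =
    FORMULA_TRIGGERS.includes(text.charAt(0)) ||
    FORMULA_TRIGGERS.includes(firstVisible);
  return risky ? "'" + text : text;
}

// RFC 4180 quoting: wrap every field in quotes and double embedded quotes,
// so a payload cannot break out into a neighbouring cell.
function quoteField(text) {
  return '"' + text.replace(/"/g, '""') + '"';
}

// Build the CSV; header names are user-controllable too, so neutralize them.
function toCsv(columns, rows) {
  const line = (cells) => cells.map((c) => quoteField(neutralizeCell(c))).join(',');
  const out = [line(columns)];
  for (const row of rows) out.push(line(columns.map((c) => row[c])));
  return out.join('\r\n') + '\r\n';
}

// Constructed sample: one ordinary row and rows whose fields start with
// formula triggers (benign arithmetic stands in for a payload).
const SAMPLE_ROWS = [
  { email: 'alice@example.com', project: 'inventory', rows: 12 },
  { email: 'bob@example.com', project: '=1+1', rows: -5 },
  { email: 'carol@example.com', project: '  @SUM(1,1)', rows: '+7' },
];

console.log(toCsv(['email', 'project', 'rows'], SAMPLE_ROWS));
```

Strings such as `"-5"` are prefixed while the number `-5` is not, so exports that need signed numeric columns should pass them as numbers rather than text.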
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |