Vulnerabilities > CVE-2022-26249 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Surveyking Project Surveyking 0.3.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

surveyking-project

CWE-1236

critical

NVD

Published: 2022-03-24

Updated: 2022-03-30

Summary

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.

Vulnerable Configurations

Part	Description	Count
Application	Surveyking_Project Surveyking Project Surveyking 0.3.0	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://gitee.com/surveyking/surveyking/issues/I4V05A