Vulnerabilities > CVE-2022-37786 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Wecube-Platform Project Wecube-Platform 3.2.2

CVSS 6.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

wecube-platform-project

CWE-1236

NVD

Published: 2023-01-01

Updated: 2023-01-09

Summary

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.

Vulnerable Configurations

Part	Description	Count
Application	Wecube-Platform_Project Wecube Platform Project Wecube Platform 3.2.2	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://github.com/WeBankPartners/wecube-platform
https://github.com/WeBankPartners/wecube-platform/issues/2327