Vulnerabilities > CVE-2023-33410 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

minical

CWE-1236

NVD

Published: 2023-06-05

Updated: 2023-06-09

Summary

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.

Vulnerable Configurations

Part	Description	Count
Application	Minical Minical Minical 1.0.0	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://github.com/minical/minical
https://github.com/Thirukrishnan/CVE-2023-33410