CVE-2023-48029 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Corebos 5.4/5.5/7.0

CVSS 8.0 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

network, low complexity, corebos, CWE-1236

Summary

Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
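
One way to neutralize formula elements when exporting user-controlled fields to CSV, the class of fix CWE-1236 calls for. This is an added example, not Corebos code; the function names, column names and sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications may treat as the start of
# a formula (the set listed in OWASP's CSV Injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return value in a form a spreadsheet reads as text, not as a formula."""
    if not isinstance(value, str):
        return value  # genuine numbers/None come from the exporter, not users
    # Conservative choice: also look past leading whitespace.
    if value.startswith(FORMULA_TRIGGERS) or value.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + value  # apostrophe prefix so the cell is not evaluated
    return value


def export_users_csv(rows, header):
    """Serialize rows to CSV, neutralizing every cell and quoting all fields."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas and quotes inside their own cell.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: "bob" and "carol" stored formula-like text in a
# profile field they control; "dave" has a name with a comma and quotes.
HEADER = ["username", "first_name", "login_count"]
SAMPLE_ROWS = [
    ["alice", "Alice", 12],
    ["bob", "=1+1", 3],
    ["carol", "  @SUM(A1:A2)", 7],
    ["dave", 'Dave "D", Jr.', -5],
]

if __name__ == "__main__":
    print(export_users_csv(SAMPLE_ROWS, HEADER), end="")
```

String values that legitimately start with `-` or `+` (for example a phone number stored as text) are also prefixed, which is the usual trade-off of this approach.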

Vulnerable Configurations

Part | Description | Count
Application | Corebos | 4