CVE-2018-809218.04.2018, 08:29Mautic before 2.13.0 allows CSV injection.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 65%VendorProductVersionmauticmautic𝑥< 2.13.0𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-1236 - Improper Neutralization of Formula Elements in a CSV FileThe software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.Referenceshttps://github.com/mautic/mautic/releases/tag/2.13.0https://github.com/mautic/mautic/releases/tag/2.13.0