CVE-2018-9137EUVD-2018-2073719.04.2018, 08:29Open-AudIT before 2.2 has CSV Injection.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary6.8 MEDIUMNETWORKLOWLOWCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 84%Affected Products (NVD)VendorProductVersionopen-auditopen-audit𝑥≤ 2.1𝑥= Vulnerable software versionsKnown Exploits!https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018https://www.exploit-db.com/exploits/44511/https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018https://www.exploit-db.com/exploits/44511/Common Weakness EnumerationCWE-1236 - Improper Neutralization of Formula Elements in a CSV FileThe software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.Referenceshttps://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018https://www.exploit-db.com/exploits/44511/https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018https://www.exploit-db.com/exploits/44511/