CVE-2023-48029

Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
coreboscorebos
𝑥
≤ 8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5
https://nitipoom-jar.github.io/CVE-2023-48029/
https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5
https://nitipoom-jar.github.io/CVE-2023-48029/