CVE-2023-29918

CVSS 5.4 MEDIUM · EPSS 2.2% · CWE-1236
In short

RosarioSIS 10.8.4 allows attackers to inject malicious code through CSV files in the Periods Module. This can trick users into executing unintended actions when they open exported data in spreadsheet applications.

Technical detail

CSV injection vulnerability in RosarioSIS 10.8.4's Periods Module allows an attacker to craft malicious CSV data that, when imported or opened in spreadsheet applications, executes arbitrary formulas or commands. The attack requires user interaction (opening the CSV file) and relies on default spreadsheet application behavior of executing formula cells prefixed with special characters (=, +, @, -).
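
The export-side mitigation for this class of bug (CWE-1236), as an added example that is not RosarioSIS code: cells that start with a formula prefix are written as text, following the OWASP CSV Injection guidance. The function names and the sample period rows are assumptions constructed for illustration, and the tab and carriage-return prefixes come from OWASP rather than from the description above.

```python
import csv
import io
import re

FORMULA_CHARS = ("=", "+", "-", "@")   # prefixes named in the description
CONTROL_CHARS = ("\t", "\r")           # also listed by OWASP; added here
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(value):
    """Return True if a spreadsheet may evaluate this cell as a formula."""
    if not isinstance(value, str):
        return False                    # ints/floats are written as numbers
    stripped = value.strip()
    if PLAIN_NUMBER.fullmatch(stripped):
        return False                    # "-5" or "+3.2" is data, not a formula
    return value.startswith(CONTROL_CHARS) or stripped.startswith(FORMULA_CHARS)


def neutralize(value):
    """Prefix risky cells with an apostrophe so they are read as text."""
    return "'" + value if is_formula_like(value) else value


def export_csv(rows):
    """Serialize rows with every cell quoted and risky cells neutralized."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()


# Constructed sample rows; the column names are hypothetical, not the
# actual Periods Module schema.
SAMPLE_PERIODS = [
    ["Title", "Short Name", "Length (minutes)"],
    ["Period 1", "P1", 50],
    ["=1+1", "P2", 50],
    ["  @SUM(A1:A9)", "-5", "+A1"],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_PERIODS))
```

Neutralizing at export time covers values already stored in the database; rejecting or escaping the same prefixes when a period is saved narrows the exposure further.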

Summary generated and translated by AI from the official description.
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
