CVE-2024-29375
In short
A CSV injection vulnerability in Addactis IBNRS allows attackers to execute arbitrary code by uploading a specially crafted file with malicious content in project description and other fields. This can lead to complete system compromise.
Technical detail
CVE-2024-29375 is a CSV injection vulnerability affecting Addactis IBNRS v.3.10.3.107, in which unsanitized input in the Project Description, Identifiers, Custom Triangle Name, and Yield Curve Name parameters permits remote code execution via crafted .ibnrs files. The attack requires file upload access but no authentication or other special preconditions, and results in arbitrary code execution with application privileges.
Summary generated and translated by AI from the official description.
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 1
github.com/ismailcemunver/CVE-2024-29375
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.