← volver
CVE-2020-25445

CVE-2020-25445

EPSS 0.9%
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e