← voltar
CVE-2018-25135

Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import

CVSS 9.3 CRITICALEPSS 0.6%CWE-149
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Anviz Biometric Technology Co., Ltd. · Anviz AIM CrossChex Standard

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.anviz.comhttps://www.exploit-db.com/exploits/45765https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php