← voltar
CVE-2020-25445

CVE-2020-25445

EPSS 0.9%
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e