A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/147362/Shopy-Point-Of-Sale-1.0-CSV-Injection.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44534/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2018-05-01 19:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-10258
Mitre link : CVE-2018-10258
CVE.ORG link : CVE-2018-10258
JSON object : View
Products Affected
codeslab
- shopy_point_of_sale
CWE
CWE-1236
Improper Neutralization of Formula Elements in a CSV File