CVE-2018-10258

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
References
Link Resource
http://packetstormsecurity.com/files/147362/Shopy-Point-Of-Sale-1.0-CSV-Injection.html Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44534/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:codeslab:shopy_point_of_sale:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-01 19:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-10258

Mitre link : CVE-2018-10258

CVE.ORG link : CVE-2018-10258


JSON object : View

Products Affected

codeslab

  • shopy_point_of_sale
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File