CSV Injection Vulnerability in HRSALE The Ultimate HRM by HRSALE
CVE-2018-10257

8.8HIGH

Key Information:

Vendor

Hrsale Project

Status
Hrsale
Vendor
CVE Published:
1 May 2018

What is CVE-2018-10257?

A vulnerability in HRSALE The Ultimate HRM version 1.0.2 allows users with low-level privileges to perform CSV Injection. This can potentially allow malicious users to include commands that will be executed when the CSV file is opened. The flaw arises from the improper sanitization of user inputs, leading to security risks during the export of data to CSV format. Exploitation of this vulnerability can result in unauthorized code execution, making data handling in this application a critical concern for users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/147364/HRSALE-The-Ul...
x_refsource_MISC
https://www.exploit-db.com/exploits/44536/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.