CSV Injection Vulnerability in Open-AudIT by Opmantek
CVE-2018-9137

6.8MEDIUM

Key Information:

Vendor: Open-audit
Status: Open-audit
Vendor: CVE Published:; 19 April 2018

What is CVE-2018-9137?

Open-AudIT versions prior to 2.2 are susceptible to a CSV Injection vulnerability that allows attackers to craft malicious CSV files to exploit vulnerabilities during the export process. This could potentially lead to unauthorized command execution if the CSV file is opened in a vulnerable application. It is crucial for users to upgrade to the latest version to mitigate the risks associated with this vulnerability.

References

https://www.exploit-db.com/exploits/44511/

exploitx_refsource_EXPLOIT-DB

https://community.opmantek.com/display/OA/Errata+-+2.1+Se...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Mar 30, 2018

Open-audit

What is CVE-2018-9137?

References

CVSS V3.1

Timeline