CSV Injection Vulnerability in SolarWinds Web Help Desk Software

CVE-2019-16959

What is CVE-2019-16959?

SolarWinds Web Help Desk version 12.7.0 is susceptible to a CSV Injection vulnerability, also recognized as Formula Injection. This issue arises when an attacker attaches a malicious file to a support ticket, potentially enabling arbitrary code execution in the victim's environment upon processing the file. The vulnerability poses a significant risk to data security, making it crucial for administrators to sanitize user inputs and manage attachments diligently.

References