CSV Injection Vulnerability in SolarWinds Web Help Desk Software
CVE-2019-16959

6.5MEDIUM

Key Information:

Vendor
Solarwinds
Status
Webhelpdesk
Vendor
CVE Published:
21 December 2020

Summary

SolarWinds Web Help Desk version 12.7.0 is susceptible to a CSV Injection vulnerability, also recognized as Formula Injection. This issue arises when an attacker attaches a malicious file to a support ticket, potentially enabling arbitrary code execution in the victim's environment upon processing the file. The vulnerability poses a significant risk to data security, making it crucial for administrators to sanitize user inputs and manage attachments diligently.

References

https://support.solarwinds.com/SuccessCenter/s/
x_refsource_MISC
https://www.solarwinds.com/free-tools/free-help-desk-soft...
x_refsource_MISC
https://www.esecforte.com/formula-injection-vulnerability...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.