CSV Injection Vulnerability in Craft CMS Software
CVE-2021-41824

8.8HIGH

Key Information:

Vendor

Craftcms

Status
Craft Cms
Vendor
CVE Published:
30 September 2021

What is CVE-2021-41824?

Craft CMS versions prior to 3.7.14 are susceptible to a CSV injection vulnerability. This flaw can be exploited by attackers to manipulate output data into a CSV file, potentially leading to security breaches or unintended data exposure. Users of the affected versions are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md...
x_refsource_MISC
https://twitter.com/craftcmsupdates/status/14429286901453...
x_refsource_MISC
https://github.com/craftcms/cms/security/advisories/GHSA-...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-41824 : CSV Injection Vulnerability in Craft CMS Software