CSV Injection Vulnerability in ChurchCRM by ChurchCRM
CVE-2023-25348
7.8HIGH
What is CVE-2023-25348?
An input field vulnerability in ChurchCRM version 4.5.3 has been identified, allowing CSV injection via the 'Last Name' and 'First Name' fields when creating a new person. This vulnerability poses a risk by enabling attackers to craft malicious Excel files that can execute arbitrary code upon opening, potentially compromising the integrity and security of sensitive data.