Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
CVE-2023-3493

7.7 HIGH

Key Information:

Vendor
CVE Published: 30 June 2023

What is CVE-2023-3493?

FossBilling is impacted by a vulnerability involving improper neutralization of formula elements in CSV files. This flaw allows attackers to exploit CSV files containing malicious formulas, potentially leading to unintended execution of commands or data corruption when opened in spreadsheet applications. Users are advised to upgrade to version 0.5.3 or later to mitigate this risk and ensure safer handling of their data.

Affected Version(s)

fossbilling/fossbilling < 0.5.3

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
