SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
References
Link | Resource |
---|---|
https://support.solarwinds.com/SuccessCenter/s/ | Product |
https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/ | Exploit Third Party Advisory |
https://www.solarwinds.com/free-tools/free-help-desk-software | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-21T15:13:21
Updated: 2020-12-21T15:13:21
Reserved: 2019-09-29T00:00:00
Link: CVE-2019-16959
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-21T16:15:12.977
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-16959
JSON object: View
Redhat Information
No data.
CWE