The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-14T14:40:48
Updated: 2021-07-14T19:31:10
Reserved: 2020-09-14T00:00:00
Link: CVE-2020-25445
JSON object: View
NVD Information
Status : Modified
Published: 2021-07-14T15:15:08.100
Modified: 2023-11-07T03:20:14.073
Link: CVE-2020-25445
JSON object: View
Redhat Information
No data.
CWE