CVE-2023-48029

Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5	Broken Link
https://nitipoom-jar.github.io/CVE-2023-48029/	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:*

History

25 Nov 2023, 02:29

Type	Values Removed	Values Added
References	~~() https://nitipoom-jar.github.io/CVE-2023-48029/ -~~	() https://nitipoom-jar.github.io/CVE-2023-48029/ - Exploit
References	~~() https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5 -~~	() https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5 - Broken Link
CWE		CWE-1236
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0
CPE		cpe:2.3:a:corebos:corebos::::::::
First Time		Corebos Corebos corebos

17 Nov 2023, 13:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-17 13:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-48029

Mitre link : CVE-2023-48029

CVE.ORG link : CVE-2023-48029

JSON object : View

Products Affected

corebos

corebos

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

8.0 /10