#VU12594 CSV injection in AcySMS - CVE-2018-9106
Published: May 11, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU12594
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-9106
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
AcySMS
Software vendor:
Acyba
Description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The weakness exists in the export feature in the Acyba AcySMS extension due to CSV Injection (aka Excel Macro Injection or Formula Injection). A remote attacker can execute arbitrary commands via a value that is mishandled in a CSV export.
Remediation
Update to version 3.5.1.
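For exports that cannot be upgraded immediately, or for reviewing other CSV export code for the same weakness, the following added example (not AcySMS code and not the vendor's fix) shows the usual output-side mitigation: any cell a spreadsheet would evaluate as a formula is prefixed so it is read as text. The function names and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample data: one ordinary row, one row with formula-like values.
SAMPLE_ROWS = [
    ["name", "phone", "message"],
    ["Alice", "+33612345678", "See you at 5"],
    ["=1+1", "-5", "  @SUM(A1:A2)"],
]


def _is_plain_number(text):
    """True for values such as '-5' or '+33612345678' that are only a number."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return the cell as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    # Signed numbers (including phone numbers) are harmless; keep them intact.
    if _is_plain_number(text):
        return text
    # Some importers strip leading spaces before deciding a cell is a formula.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_csv(rows):
    """Write rows as CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```

Neutralizing at export time covers values already stored in the database; rejecting formula-leading input at submission time is a complementary check, not a replacement.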