CVE-2018-25135
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Anviz Biometric Technology Co., Ltd. | Anviz AIM CrossChex Standard | 4.3 | affected |
Weaknesses
- CWE-149: Improper Neutralization of Quoting Syntax
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
- https://www.exploit-db.com/exploits/45765
References
- https://www.exploit-db.com/exploits/45765
- https://www.anviz.com
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.