CVE-2018-25135

Summary

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.

Affected Software

VendorProductVersion RangeStatus
Anviz Biometric Technology Co., Ltd.Anviz AIM CrossChex Standard4.3affected

Weaknesses

  • CWE-149: Improper Neutralization of Quoting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References