CVE-2018-25135
CRITICALDescription
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2018-25135? +
How severe is CVE-2018-25135? +
How do I check if I'm vulnerable to CVE-2018-25135? +
Related Vulnerabilities
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. …
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to …
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass …