Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2023-53905 - Vulnerability Database
ProjectSend

ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2023-53905

High
Reference: CVE-2023-53905
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53905
Title: ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability
Overview:

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like calcaz in the name field to trigger code execution when administrators export action logs as CSV files.