Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Rukovoditel Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2023-53913 - Vulnerability Database
Rukovoditel

Rukovoditel Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2023-53913

High
Reference: CVE-2023-53913
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53913
Title: Rukovoditel Improper Neutralization of Formula Elements in a CSV File Vulnerability
Overview:

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like calcaz to trigger code execution when an admin exports customer data as a CSV file.