CVE-2018-9107
published 2018-03-28

Priority: P357 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.42% (93.7th percentile)
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

Affected

1 range
Vendor | Product | Version range | Fixed in
acyba | acymailing | <= 5.9.5 |

Detection & IOCs (extracted from sources)

command: @SUM(1+1)*cmd|' /C calc'!A0
  • Monitor CSV exports from AcyMailing for field values beginning with formula-injection characters (@, =, +, -) which may indicate embedded macro payloads.
  • Inspect subscriber name/username fields in the AcyMailing database for values containing pipe characters, cmd references, or formula prefixes (e.g. @SUM, =CMD) that would execute on CSV open.
  • Alert on AcyMailing component versions 5.9.5 and earlier (before 5.9.6) as vulnerable to CSV macro injection via the export feature.
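
The first check above can be run against an exported file before anyone opens it in a spreadsheet. The following is an added example, not code from AcyMailing or from this page's sources: it flags cells whose first non-blank character is one of the listed formula prefixes and writes a copy with those cells prefixed by a single quote, a common mitigation that is assumed here and is not necessarily what the 5.9.6 fix does. The column names and sample rows are constructed.

```python
import csv
import io

# Leading characters named in the detection notes above.
FORMULA_PREFIXES = ("=", "+", "-", "@")

def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet may evaluate the cell as a formula."""
    # Leading whitespace is ignored so padded values are not missed.
    return cell.lstrip(" \t\r\n").startswith(FORMULA_PREFIXES)

def scan_export(csv_text: str):
    """Return (row_number, column_name, value) for every suspicious cell."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_number, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            if isinstance(value, str) and is_formula_like(value):
                findings.append((row_number, column, value))
    return findings

def neutralize(cell: str) -> str:
    """Prefix a single quote so the cell is displayed as text."""
    return "'" + cell if is_formula_like(cell) else cell

def sanitize_export(csv_text: str) -> str:
    """Rewrite the CSV with every formula-like cell neutralized."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text)):
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()

# Constructed sample export; benign formulas stand in for injected values.
SAMPLE_EXPORT = (
    "name,email\n"
    "Alice Example,alice@example.com\n"
    "=1+1,bob@example.com\n"
    "@SUM(1+1),carol@example.com\n"
    "  +42,dave@example.com\n"
)

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_EXPORT):
        print("suspicious cell:", finding)
    print(sanitize_export(SAMPLE_EXPORT))
```

Legitimate values such as negative numbers or phone numbers written with a leading + are also flagged, so findings need review before alerting on them.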

CVSS provenance

nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P