CVE-2018-9107
Published: 2018-03-28
Priority: P357, high, 8.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 7.42% (93.7th percentile)
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acyba | acymailing | <= 5.9.5 | — |
Detection & IOCs
- Monitor CSV exports from AcyMailing for field values beginning with formula-injection characters (@, =, +, -), which may indicate embedded macro payloads.
- Inspect subscriber name/username fields in the AcyMailing database for values containing pipe characters, cmd references, or formula prefixes (e.g. @SUM, =CMD) that would execute on CSV open.
- Alert on AcyMailing component versions 5.9.5 and earlier (before 5.9.6) as vulnerable to CSV macro injection via the export feature.
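One way to implement the first two checks above over an exported file, as an added example that is not code from the advisory or from AcyMailing. The column names and sample rows are constructed, and skipping plain signed numbers is an assumption made here to reduce noise.

```python
import csv
import io
import re

FORMULA_PREFIXES = ("=", "+", "-", "@")
# Plain signed numbers such as -5 or +1.25 are not formulas (assumption: skip them).
SIGNED_NUMBER = re.compile(r"^[+-]\d+(\.\d+)?$")
# Extra indicators named in the bullets above: pipe characters and cmd references.
HIGH_RISK = re.compile(r"\||cmd", re.IGNORECASE)


def classify_cell(value):
    """Return None, 'formula-prefix' or 'formula-prefix+cmd/pipe' for one cell."""
    text = value.lstrip()  # conservative: also catch a prefix behind leading whitespace
    if not text.startswith(FORMULA_PREFIXES) or SIGNED_NUMBER.match(text):
        return None
    return "formula-prefix+cmd/pipe" if HIGH_RISK.search(text) else "formula-prefix"


def scan_export(csv_text):
    """Return (row_number, column, verdict, value) for every suspicious cell."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_number, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            if not isinstance(value, str):  # short or over-long rows
                continue
            verdict = classify_cell(value)
            if verdict:
                findings.append((row_number, column, verdict, value))
    return findings


# Constructed sample export; names and values are illustrative only.
SAMPLE_EXPORT = """name,email,score
Alice,alice@example.org,-5
@SUM(A1),bob@example.org,3
=CMD|placeholder,carol@example.org,+2
"""

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_EXPORT):
        print(finding)
```

The same `classify_cell` check can be applied to subscriber name and username values read from the database before they ever reach an export.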
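CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |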
No detection rules found.
- https://vel.joomla.org/articles/2140-introducing-csv-injection
- https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection
- https://www.acyba.com/acymailing/change-log.html
- https://www.exploit-db.com/exploits/44369/