CVE-2019-12765
Published 2019-06-11

CVE-2019-12765: An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
Priority P263 · critical · CVSS 3.1 score 9.8
EXPLOIT · EPSS 10.49% (95.2th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joomla! | 3.9.0 – 3.9.6 | 3.9.7 |
Detection & IOCs (extracted from sources)
- Monitor Joomla user registration form submissions where the 'jform[name]' field contains CSV injection characters (e.g., leading '=', '+', '-', '@') followed by pipe-delimited command strings such as '=cmd|'.
- Alert on POST requests to the Joomla registration endpoint (/index.php/component/users/?view=registration) containing formula-injection patterns in name fields, indicative of CSV injection staging via com_actionslogs.
- The CSV export of com_actionslogs is the delivery vector; inspect exported CSV files or HTTP responses from com_actionslogs for cells beginning with '=', '+', '-', or '@' followed by command syntax.
- The exploit payload uses 'calc.exe' as a proof-of-concept; real-world attackers would substitute arbitrary OS commands. Detection rules should match the formula-injection prefix pattern generically (e.g., '=cmd|') rather than only the PoC payload.
- The vulnerability affects Joomla! versions before 3.9.7; instances running 3.9.7 or later with the patch applied are not susceptible via this vector.
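The inspection rule above, worked into a small defender-side script (an added example, not code from Joomla! or from this page's sources): it scans CSV text for cells that a spreadsheet would treat as a formula, flags the generic '=cmd|' DDE-style prefix separately, and shows the export-side mitigation of prefixing such cells with a quote. The sample export, column names and IP addresses are constructed; the numeric check is an assumption added so that plain negative numbers such as '-5' are not flagged.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet evaluate the cell as a formula.
# '=', '+', '-', '@' are the indicators from the detection notes; tab and
# carriage return are the usual extra triggers (assumption, not from the page).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
# Generic DDE-style prefix such as '=cmd|' : match the pattern, not the PoC.
DDE_PATTERN = re.compile(r"^[=+\-@]\s*\w+\s*\|")
# Plain numbers (e.g. '-5') start with a prefix char but are not formulas.
NUMERIC = re.compile(r"^[+-]?\d+([.,]\d+)?$")

def is_formula_cell(value: str) -> bool:
    """True if a spreadsheet would interpret this cell as a formula."""
    if not value or NUMERIC.match(value):
        return False
    return value.startswith(FORMULA_PREFIXES)

def find_formula_cells(csv_text: str):
    """Scan CSV text (e.g. a captured com_actionslogs export).
    Returns (row, column, cell, looks_like_dde) for each suspicious cell."""
    hits = []
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            if is_formula_cell(cell):
                hits.append((row_no, col_no, cell, bool(DDE_PATTERN.match(cell))))
    return hits

def neutralize_cell(value: str) -> str:
    """Export-side mitigation: a leading quote keeps the cell as text."""
    return "'" + value if is_formula_cell(value) else value

# Constructed sample export; 'user' is the attacker-controlled field.
SAMPLE_EXPORT = (
    "id,user,action,ip\n"
    "1,alice,login,203.0.113.7\n"
    "2,=cmd|calc.exe,register,203.0.113.9\n"
    "3,-5,login,203.0.113.11\n"
    "4,@SUM(1+1),register,203.0.113.12\n"
)

if __name__ == "__main__":
    for row, col, cell, dde in find_formula_cells(SAMPLE_EXPORT):
        print(f"row {row} col {col}: {cell!r} dde_prefix={dde}")
```

The quote-prefix mitigation is applied at export time; the detection function is the piece to run over captured exports or responses.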
CVSS provenance
- NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.