CVE-2021-46363
published 2022-02-11
Priority P3 · 40 · high · 7.8 CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.75% (75.1th percentile)
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magnolia-cms | magnolia_cms | < 6.2.4 | 6.2.4 |
CVSS provenance
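| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |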
GHSA
ghsa · 2022-02-12
CVE-2021-46363 [HIGH] CWE-1236 Arbitrary code execution in Magnolia CMS
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file.
OSV
osv · 2022-02-12
CVE-2021-46363 [HIGH] Arbitrary code execution in Magnolia CMS
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46363-Formula%20Injection-Magnolia%20CMS
Published: 2022-02-11