Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-29918Improper Neutralization of Formula Elements in a CSV File in Rosariosis

CWE-1236Improper Neutralization of Formula Elements in a CSV File4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
5.1%
top 10.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Francoisjacquet RosariosisRosariosis
Timeline
PublishedMay 2
Latest updateJul 28

Description

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

Packagistfrancoisjacquet/rosariosis10.8.4

🔴Vulnerability Details

2
GHSA
RosarioSIS vulnerable to CSV Injection2023-05-02
OSV
RosarioSIS vulnerable to CSV Injection2023-05-02

💥Exploits & PoCs

1
Exploit-DB
RosarioSIS 10.8.4 - CSV Injection2023-07-28