CVE-2020-5299
Potential CSV Injection vector in OctoberCMS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).
En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, cualquier usuario con la capacidad de modificar cualquier información que eventualmente podría ser exportada como un archivo CSV desde la función "ImportExportController" podría introducir potencialmente una inyección CSV en los datos para causar que el archivo de exportación CSV generado sea malicioso. Esto requiere que atacantes logren lo siguiente antes de que se pueda completar un ataque exitoso: 1. Han encontrado una vulnerabilidad en el software de hoja de cálculo de las víctimas de elección. 2. Los datos de control que podrían potencialmente ser exportados por medio de la función "ImportExportController" por parte una víctima teórica. 3. Convencer a la víctima para exportar datos anteriores como un CSV y ejecutarlos en un software de hoja de cálculo vulnerable, mientras que también al omitir cualquier comprobación de sanidad para dicho software. El problema ha sido parcheado en el Build 466 (versión v1.0.466)
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-02 CVE Reserved
- 2020-06-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html | Third Party Advisory | |
http://seclists.org/fulldisclosure/2020/Aug/2 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Octobercms Search vendor "Octobercms" | October Search vendor "Octobercms" for product "October" | >= 1.0.319 < 1.0.466 Search vendor "Octobercms" for product "October" and version " >= 1.0.319 < 1.0.466" | - |
Affected
|