
CVE-2020-5299

Potential CSV Injection vector in OctoberCMS

Severity Score: 5.1 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any user with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data, causing the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed:

1. Have found a vulnerability in the victim's spreadsheet software of choice.
2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim.
3. Convince the victim to export the above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software.

The issue has been patched in Build 466 (v1.0.466).

October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Attack Vector: Network
Attack Complexity: High
Authentication: Single
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-01-02 CVE Reserved
  • 2020-06-03 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Octobercms | October | >= 1.0.319 < 1.0.466 | - | Affected