First published: Fri Nov 17 2023
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Corebos Corebos | <=8.0 | |
CVE-2023-48029 is a vulnerability in Corebos 8.0 and below that allows an attacker with low privileges to inject a malicious command into a table through CSV Injection.
CVE-2023-48029 is exploited when an administrator exports data to a CSV file in the user management section of Corebos and then opens it, triggering the execution of the malicious command.
CVE-2023-48029 has a severity level of high with a severity value of 8.
At the moment, there is no known fix for CVE-2023-48029. It is recommended to stay updated with the latest security patches and consider upgrading to a newer version of Corebos.
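With no fix listed, a generic export-side mitigation for CSV injection is shown here as an added example; it is not Corebos code or a vendor patch. The function names and sample rows are hypothetical, and the trigger characters and apostrophe prefix follow OWASP's CSV Injection guidance.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications interpret as the start of a
# formula (the set listed in OWASP's CSV Injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as "-12.5" are data, not formulas; leave them intact.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(text: str) -> bool:
    """True if a spreadsheet could evaluate this cell instead of displaying it."""
    if PLAIN_NUMBER.fullmatch(text):
        return False
    return text.startswith(FORMULA_TRIGGERS)


def neutralize(value) -> str:
    """Prefix risky cells with an apostrophe so they are rendered as text."""
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def audit(rows):
    """Return (row, column) positions of stored values that look like formulas."""
    return [(r, c) for r, row in enumerate(rows)
            for c, cell in enumerate(row) if is_formula_like(str(cell))]


def export_csv(header, rows) -> str:
    """Write every field quoted (embedded quotes doubled) and neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow([neutralize(h) for h in header])
    writer.writerows([neutralize(c) for c in row] for row in rows)
    return buf.getvalue()

# Constructed sample data: a low-privilege user has stored formula-like text
# in profile fields; the payloads here are harmless arithmetic.
HEADER = ["user_name", "first_name", "balance"]
USERS = [
    ["alice", "Alice", "-12.5"],
    ["bob", "=1+1", "40"],
    ["carol", 'x",=2+2', "@SUM(1,1)"],
]

if __name__ == "__main__":
    print(audit(USERS), export_csv(HEADER, USERS), sep="\n")
```

The apostrophe becomes part of the exported value, so any downstream importer that needs the raw data has to strip it again.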
You can find more information about CVE-2023-48029 at the following references: [GitHub Gist](https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5), [CVE-2023-48029](https://nitipoom-jar.github.io/CVE-2023-48029/).