First published: Fri Nov 17 2023(Updated: )
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
|Affected Software||Affected Version||How to fix|
CVE-2023-48029 is a vulnerability in Corebos 8.0 and below that allows an attacker with low privileges to inject a malicious command into a table through CSV Injection.
CVE-2023-48029 is exploited when an administrator exports data to a CSV file in the user management section of Corebos and then opens it, triggering the execution of the malicious command.
CVE-2023-48029 has a severity level of high with a severity value of 8.
At the moment, there is no known fix for CVE-2023-48029. It is recommended to stay updated with the latest security patches and consider upgrading to a newer version of Corebos.
You can find more information about CVE-2023-48029 at the following references: [GitHub Gist](https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5), [CVE-2023-48029](https://nitipoom-jar.github.io/CVE-2023-48029/).