Vulnerability Details CVE-2023-48029
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.1%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2023-48029
-
cpe:2.3:a:corebos:corebos:-
-
cpe:2.3:a:corebos:corebos:5.4
-
cpe:2.3:a:corebos:corebos:5.5
-
cpe:2.3:a:corebos:corebos:7.0
-
cpe:2.3:a:corebos:corebos:8.0