Acronis Cyber Protect/Backup Remote Code Execution

Fortinet FortiManager Unauthenticated Remote Code Execution

Asterisk AMI Originate Authenticated Remote Code Execution

Debian Security Advisory 5823-1

Debian Security Advisory 5815-2

projectSend version r1605 suffers from a CSV injection vulnerability.

    Exploit Title: projectSend r1605 - CSV injectionVersion: r1605Bugs:  CSV InjectionTechnology: PHPVendor URL: https://www.projectsend.org/Software Link: https://www.projectsend.org/Date of found: 11-06-2023Author: Mirabbas AğalarovTested on: Windows2. Technical Details & POC========================================Step 1. login as userstep 2. Go to My Account ( http://localhost/users-edit.php?id=2 )step 3. Set name as  =calc|a!z|step 3. If admin Export action-log as CSV  file ,in The computer of admin  occurs csv injection and will open calculator ( http://localhost/actions-log.php )payload: =calc|a!z|

Headline

projectSend r1605 CSV Injection

Packet Storm: Latest News