Acronis Cyber Protect/Backup Remote Code Execution

Fortinet FortiManager Unauthenticated Remote Code Execution

Asterisk AMI Originate Authenticated Remote Code Execution

Debian Security Advisory 5823-1

Debian Security Advisory 5815-2

Rukovoditel version 3.3.1 suffers from a CSV injection vulnerability.

    Exploit Title: Rukovoditel 3.3.1 - CSV injectionVersion: 3.3.1Bugs:  CSV InjectionTechnology: PHPVendor URL: https://www.rukovoditel.net/Software Link: https://www.rukovoditel.net/download.phpDate of found: 27-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================Step 1. login as userstep 2. Go to My Account ( http://127.0.0.1/index.php?module=users/account )step 3. Set Firstname as  =calc|a!z|step 3. If admin Export costumers as CSV  file ,in The computer of admin  occurs csv injection and will open calculator (http://localhost/index.php?module=items/items&path=1)payload: =calc|a!z|

Headline

Rukovoditel 3.3.1 CSV Injection

Packet Storm: Latest News