CVE-2018-20752

Name of the Vulnerable Software and Affected Versions: Recon-ng versions prior to 4.9.5

Description: The issue is related to a lack of validation in the modules/reporting/csv.py file, which allows CSV injection. Specifically, when a Twitter user has an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.

Recommendations: For versions prior to 4.9.5, update to version 4.9.5 or later to resolve the issue. As a temporary workaround, consider disabling the CSV export feature in the reporting module until a patch is available. Restrict access to the csv.py file to minimize the risk of exploitation. Avoid using the CSV export feature for Twitter users with potentially malicious usernames until the issue is resolved.