PT-2023-24336 · Minical · Minical

Thirukrishnan · Published 2023-06-05 · Updated 2025-01-08 · CVE-2023-33410

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Minical versions 1.0.0 and earlier

Description

The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This is due to insufficient input validation on the Customer Name field in the Accounting module, which is used to construct a CSV file.

Recommendations

For Minical versions 1.0.0 and earlier, update to a version that includes input validation for the Customer Name field in the Accounting module to prevent CSV injection attacks. As a temporary workaround, consider restricting input for the Customer Name field to minimize the risk of exploitation.
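
The validation recommended above can also be enforced at export time. The following is an added example, not Minical's code: a Python sketch that neutralizes formula-leading cells before they are written to a CSV file. The function names, column names and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications interpret as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet will display instead of evaluate."""
    # Real numbers (e.g. a negative amount) are not attacker-controlled text.
    if isinstance(value, (int, float)):
        return value
    text = "" if value is None else str(value)
    # Test after leading spaces too, so padding cannot hide a trigger character.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text  # a leading apostrophe forces text interpretation
    return text


def export_invoices(rows):
    """Write (customer_name, amount) rows to CSV with every field quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(["Customer Name", "Amount"])
    for name, amount in rows:
        writer.writerow([neutralize_cell(name), neutralize_cell(amount)])
    return buf.getvalue()


# Constructed sample data: two ordinary names and two formula-shaped names.
SAMPLE_ROWS = [
    ("Alice Martin", 120.5),
    ("=1+1", 10),
    ("  @SUM(A1:A2)", -5.0),
    ('Bob "B" Lee', 3),
]

if __name__ == "__main__":
    print(export_invoices(SAMPLE_ROWS))
```

Neutralizing on output also covers customer names that were stored before any input restriction was put in place.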

Exploit · Fix · RCE


Weakness Enumeration

Related identifiers

CVE-2023-33410

Affected products

Minical