October · October Cms · CVE-2020-5299
**Name of the Vulnerable Software and Affected Versions**
OctoberCMS versions 1.0.319 through 1.0.465
**Description**
Users who can modify data that is exported as a CSV file by the `ImportExportController` can potentially introduce a CSV injection, making the generated CSV export file malicious. To exploit this, an attacker must find a vulnerability in the victim's spreadsheet software, control data that would be exported, and convince the victim to export the data and run it in the vulnerable software while bypassing sanity checks.
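To illustrate the class of defect described above, the following added example (not the OctoberCMS patch and not code from the project) neutralises cells that a spreadsheet would evaluate as formulas before they are written to a CSV export. The function names, the sample rows and the trigger-character set (taken from common CSV-injection guidance) are assumptions.

```php
<?php
// Added example, not the OctoberCMS fix. Function names are hypothetical.
// Assumed trigger set: characters that make spreadsheets treat a cell as a formula.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

/**
 * Return the cell unchanged unless a spreadsheet could evaluate it as a
 * formula; in that case prefix a single quote so it is shown as literal text.
 */
function neutralise_cell($value)
{
    if (!is_string($value) || $value === '') {
        return $value;
    }
    // Plain numeric strings such as "-12.5" are data, not formulas: keep them.
    if (is_numeric($value)) {
        return $value;
    }
    return in_array($value[0], FORMULA_TRIGGERS, true) ? "'" . $value : $value;
}

/** Build the CSV in memory, neutralising every cell on the way out. */
function export_csv(array $rows): string
{
    $fh = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // Delimiter, enclosure and escape are passed explicitly so behaviour
        // does not depend on version-specific defaults.
        fputcsv($fh, array_map('neutralise_cell', $row), ',', '"', '\\');
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return $csv;
}

// Constructed sample data: row 1 carries a user-controlled formula in "name".
$rows = [
    ['id', 'name', 'balance'],
    ['1', '=1+1', '-12.5'],
    ['2', 'Alice', '40'],
];

echo export_csv($rows);
```

The same `neutralise_cell` check can be run over an already exported file to flag rows that would have been rewritten, which helps when reviewing exports produced before the update was applied.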
**Recommendations**
For OctoberCMS versions 1.0.319 through 1.0.465, update to Build 466 (v1.0.466) to resolve the issue.
As a temporary workaround, if you are unable to upgrade to Build 466, manually apply the patches from https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a and https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484 to your installation.