PT-2017-10749 · Framasoft · Framadate

Published

2017-07-13

Updated

2017-07-19

CVE-2017-1000039

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Framadate version 1.0

Description The issue concerns Formula Injection in the CSV Export, which could lead to Information Disclosure and Code Execution.

Recommendations For Framadate version 1.0, update to a version that fixes the Formula Injection issue in the CSV Export, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-1000039

Affected Products

Framadate

PT-2017-10749 · Framasoft · Framadate

CVE-2017-1000039

Weakness Enumeration

Related Identifiers

Affected Products

References · 3