PT-2018-18753 · Microbetrace · Microbetrace
West Shepherd · Published 2018-04-26 · Updated 2020-03-27 · CVE-2018-8974
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MicrobeTRACE version 0.1.11
Description
The issue allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line.
Recommendations
For MicrobeTRACE version 0.1.11, update to a version released after 2018-03-28 to resolve the issue. As a temporary workaround, consider restricting the import of CSV files or validating their content to prevent code injection.
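The content-validation workaround mentioned above can be sketched as a header allowlist plus output encoding. This is an added example, not MicrobeTRACE code or its actual fix; the function names, the allowlist pattern and the sample CSV text are assumptions made for illustration.

```javascript
'use strict';
// Added example (not MicrobeTRACE code). Policy and names are assumptions.
const HEADER_RE = /^[A-Za-z0-9 _.-]{1,64}$/; // assumed allowlist for column names
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a cell for insertion into HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Split one CSV record; supports double-quoted fields with "" escapes.
function splitCsvLine(line) {
  const fields = [];
  let cur = '';
  let quoted = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (quoted) {
      if (ch === '"' && line[i + 1] === '"') { cur += '"'; i++; }
      else if (ch === '"') quoted = false;
      else cur += ch;
    } else if (ch === '"' && cur === '') quoted = true;
    else if (ch === ',') { fields.push(cur); cur = ''; }
    else cur += ch;
  }
  fields.push(cur);
  return fields;
}

// Reject the file before any rendering if a header name falls outside the allowlist.
function checkCsvHeader(text) {
  const firstLine = text.replace(/^\uFEFF/, '').split(/\r?\n/, 1)[0];
  const fields = splitCsvLine(firstLine).map((f) => f.trim());
  const rejected = fields.filter((f) => !HEADER_RE.test(f));
  return { ok: rejected.length === 0, fields, rejected };
}

// Constructed samples: a benign edge list, and a file whose first header
// cell is the string quoted in the description above.
const benignCsv = 'Source,Target,Distance\nA,B,0.01\n';
const craftedCsv = 'Source<script type="text/javascript" src=,Target\nA,B\n';

for (const [name, csv] of [['benign', benignCsv], ['crafted', craftedCsv]]) {
  const result = checkCsvHeader(csv);
  console.log(name, result.ok ? 'accepted' : 'rejected', result.rejected.map(escapeHtml));
}
```

The allowlist check is an import-time gate only; every cell value still needs `escapeHtml` (or insertion via `textContent`) wherever it is rendered, because data rows are not covered by the header check.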
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Microbetrace