PT-2020-10218 · Microsoft · Office Excel

Published: 2020-03-18 · Updated: 2020-08-24 · CVE-2019-19676

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: arxes-tolina version 3.0.0
Description: A CSV injection issue allows malicious users to gain remote control of other computers by entering formula code in specific columns, including Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung. For example, a user can be created whose name contains malicious formula code. If other users download the corrupted data as a CSV file and open it in a tool such as Microsoft Excel, their PC can be compromised, potentially granting the attacker remote access.

Recommendations: For arxes-tolina version 3.0.0, consider restricting access to the columns Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung so that formula code cannot be injected until a patch is available. As a temporary workaround, avoid downloading and opening CSV files from untrusted sources in tools such as Microsoft Excel to minimize the risk of exploitation.
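The exporting application is the right place to stop this class of issue: any cell that a spreadsheet would evaluate as a formula must be written as text. The following Python is an added example, not arxes-tolina code; it neutralizes formula-like cells on export and scans an existing CSV for cells that were not neutralized. The column names come from the advisory, the sample records are constructed.

```python
import csv
import io
import re

# Leading characters that Excel, LibreOffice and similar tools treat as the start
# of a formula; a leading tab or carriage return is interpreted the same way.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as "-14" or "+3.5" are harmless and must not be rewritten.
PLAIN_NUMBER = re.compile(r"^[-+]?\d+(\.\d+)?$")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell as a formula."""
    stripped = value.lstrip(" ")
    return stripped.startswith(FORMULA_PREFIXES) and not PLAIN_NUMBER.match(stripped)


def neutralize_cell(value: str) -> str:
    """Prefix a formula-like cell with a single quote so it is rendered as text."""
    return "'" + value if is_formula_like(value) else value


def export_csv(rows, header) -> str:
    """Write rows as CSV text with every cell neutralized; QUOTE_ALL keeps
    delimiters and embedded newlines inside the quoted field."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(str(cell)) for cell in row])
    return buf.getvalue()


def scan_csv(text: str):
    """Return (line_no, column, value) for each formula-like cell in an existing export."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    findings = []
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        findings.extend((line_no, name, value)
                        for name, value in zip(header, row) if is_formula_like(value))
    return findings


# Constructed sample data; the second record carries a harmless formula in Firma
# and an "@"-prefixed remark to show what gets neutralized.
HEADER = ["Kundennummer", "Firma", "Street", "PLZ", "Ort", "Zahlziel", "Bemerkung"]
ROWS = [
    ["10001", "Beispiel GmbH", "Hauptstr. 1", "10115", "Berlin", "30", "ok"],
    ["10002", "=SUM(A1:A2)", "Ring 7", "80331", "Muenchen", "-14", "@cell"],
]

if __name__ == "__main__":
    print(export_csv(ROWS, HEADER))
```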

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-19676

Affected Products

Office Excel
Arxes-Tolina