PT-2020-13128 · Subrion · Subrion Cms

Published

2020-04-29

Updated

2022-05-24

CVE-2020-12468

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1

Description The issue allows for CSV injection through a phrase value within a language, related to the "phrases/add/" and "languages/download/" API endpoints.

Recommendations For Subrion CMS version 4.2.1, consider restricting access to the "phrases/add/" and "languages/download/" endpoints until a fix is available. Avoid using phrase values that could lead to CSV injection in the affected language settings.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-12468

GHSA-4F4H-JGJP-3VFG

Affected Products

Subrion Cms

PT-2020-13128 · Subrion · Subrion Cms

CVE-2020-12468

Related Identifiers

Affected Products

References · 6