PT-2020-9849 · Solarwinds · Solarwinds Web Help Desk

Published

2020-12-21

Updated

2021-07-21

CVE-2019-16959

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk version 12.7.0

Description The issue allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

Recommendations For SolarWinds Web Help Desk version 12.7.0, consider restricting the ability to attach files to tickets or validating the contents of attached files to prevent CSV Injection attacks until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1236

Related Identifiers

CVE-2019-16959

Affected Products

Solarwinds Web Help Desk

PT-2020-9849 · Solarwinds · Solarwinds Web Help Desk

CVE-2019-16959

Weakness Enumeration

Related Identifiers

Affected Products

References · 8