CVE-2022-1544

Name of the Vulnerable Software and Affected Versions yii-helpers versions prior to 1.2.1

Description The issue is related to Formula Injection/CSV Injection due to improper neutralization of formula elements in a CSV file. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of CSV files or implementing additional validation and sanitization of formula elements to minimize the risk of exploitation.