PT-2022-25397 · Zkbio · Zkbio Time

Aamir Rehman · Published 2022-09-29 · Updated 2025-05-20 · CVE-2022-40472

CVSS v3.1: 8.0 High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ZKBio Time version 8.0.7

Description

A CSV injection issue allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.

Recommendations

For version 8.0.7, consider disabling the Add New Message module until a patch is available to prevent exploitation of the CSV injection issue. Restrict access to the Content text field to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-40472

Affected Products

Zkbio Time