PT-2022-27319 · Sourcecodester · Sourcecodester Event Registration App
Rashidkhan Pathan · Published 2022-11-21 · Updated 2025-04-29 · CVE-2022-44830
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sourcecodester Event Registration App version 1.0
Description
The issue concerns multiple CSV injection vulnerabilities found in the Sourcecodester Event Registration App. These vulnerabilities are exploited via the First Name, Contact, and Remarks fields, allowing attackers to execute arbitrary code by using a crafted Excel file.
Recommendations
For Sourcecodester Event Registration App version 1.0, consider restricting input in the First Name, Contact, and Remarks fields to prevent CSV injection attacks until a patch is available. As a temporary workaround, avoid using these fields or limit their use to trusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
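One way to apply the input restriction from the Recommendations section, shown as an added example (not code from the application or from this advisory): it flags formula-leading values in the three named fields at input time and neutralizes them when registrations are exported to CSV. The column names and sample rows are assumptions constructed for illustration; the trigger characters are the set listed in OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet applications interpret as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Assumed column names for the three fields named in the advisory.
GUARDED_FIELDS = ("first_name", "contact", "remarks")


def is_formula_like(value):
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    return str(value).lstrip(" ").startswith(FORMULA_TRIGGERS)


def risky_fields(registration):
    """Input-side check: names of guarded fields that should be rejected."""
    return [f for f in GUARDED_FIELDS if is_formula_like(registration.get(f, ""))]


def neutralize(value):
    """Export-side check: prefix a single quote so the cell is shown as text."""
    text = str(value)
    return "'" + text if is_formula_like(text) else text


def export_csv(registrations):
    """Write registrations to CSV with every cell quoted and neutralized."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(GUARDED_FIELDS)
    for reg in registrations:
        writer.writerow([neutralize(reg.get(f, "")) for f in GUARDED_FIELDS])
    return out.getvalue()


# Constructed sample rows: one benign, one with formula-leading values.
SAMPLE = [
    {"first_name": "Alice", "contact": "5550100", "remarks": "Vegetarian meal"},
    {"first_name": "=1+1", "contact": "+15550100", "remarks": "  @SUM(A1:A2)"},
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(row["first_name"], "->", risky_fields(row) or "ok")
    print(export_csv(SAMPLE))
```

A contact number written with a leading `+` is flagged by this check, so the Contact field is better validated against a strict digits-only pattern at input time than left as free text.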
Affected Products
Sourcecodester Event Registration App