PT-2023-24336 · Minical · Minical
Thirukrishnan · Published 2023-06-05 · Updated 2025-01-08
CVE-2023-33410
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Minical versions 1.0.0 and earlier
Description
The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This is due to insufficient input validation on the Customer Name field in the Accounting module, which is used to construct a CSV file.
Recommendations
For Minical versions 1.0.0 and earlier, update to a version that includes input validation for the Customer Name field in the Accounting module to prevent CSV injection attacks.
As a temporary workaround, consider restricting input for the Customer Name field to minimize the risk of exploitation.
Exploit
Fix
RCE
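One way to apply the input-validation recommendation at the point where the CSV file is built, shown as an added example that is not Minical's code. The function names, column layout and sample rows are assumptions constructed for illustration; the set of leading characters follows OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet applications may treat as the start of
# a formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return free-text input in a form a spreadsheet will display, not evaluate."""
    text = "" if value is None else str(value)
    # Conservative choice: also catch a trigger placed behind leading spaces.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text  # a leading apostrophe marks the cell as plain text
    return text


def export_customers(rows):
    """Build the CSV export. rows holds (customer_name, amount) tuples
    (hypothetical layout); amount is a number formatted by the exporter."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas, quotes and newlines inside one field.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["Customer Name", "Amount"])
    for name, amount in rows:
        # Only the user-supplied text field needs neutralizing; the amount is
        # rendered from a numeric type, so its leading "-" is a real sign.
        writer.writerow([neutralize_cell(name), f"{amount:.2f}"])
    return buf.getvalue()


# Constructed sample data, not taken from Minical.
SAMPLE_ROWS = [
    ("Alice Example", 120.0),
    ("=1+1", 35.5),
    ("  @SUM(A1:A2)", 10.0),
    ('Bob "Bobby" Example', -5.0),
]

if __name__ == "__main__":
    print(export_customers(SAMPLE_ROWS), end="")
```

Neutralizing when the file is written also covers names stored before any input restriction was introduced.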
Affected Products
Minical