PT-2024-13261 · Unknown · Ailux Imx6 Bundle

Andrea Palanca · Published 2024-03-05 · Updated 2024-03-05 · CVE-2023-45597

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description

A CWE-1236 issue in the file configuration functionality of the web application, concerning the export file function, allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files.

Recommendations

For versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the export file function until a patch is available. Avoid using the file configuration functionality in the web application until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-45597

Affected Products

Ailux Imx6 Bundle