PT-2025-1511 · Kwhotel · Kwhotel

6En6Ar

Published: 2025-01-23 · Updated: 2025-02-04 · CVE-2023-46401

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

KWHotel version 0.47

Description

The issue concerns CSV Formula Injection in the invoice adding function. This allows for potential exploitation through malicious formula injection in CSV files.

Recommendations

For KWHotel version 0.47, consider disabling the invoice adding function until a patch is available to prevent CSV Formula Injection. Restrict access to the invoice management module to minimize the risk of exploitation. Avoid using the invoice adding feature with untrusted CSV files until the issue is resolved.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-02457
CVE-2023-46401

Affected Products

Kwhotel