CVE-2023-53913

Name of the Vulnerable Software and Affected Versions Rukovoditel version 3.3.1

Description The software contains a CSV injection issue that allows authenticated users to inject malicious formulas into the firstname field. An attacker can create payloads, such as =calc|a!z|, to execute code when an administrator exports customer data as a CSV file.

Recommendations Apply a fix or update to a newer version that addresses this vulnerability. As a temporary workaround, sanitize the firstname field to remove or escape potentially malicious characters before exporting data as a CSV file.