Summaryinfo

A vulnerability classified as problematic has been found in KWHotel 0.47. Affected is an unknown function of the component Add Guest. This manipulation causes csv injection. This vulnerability is registered as CVE-2023-46400. No exploit is available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability has been found in KWHotel 0.47 and classified as problematic. Affected by this vulnerability is some unknown processing of the component Add Guest. The manipulation with an unknown input leads to a csv injection vulnerability. The CWE definition for the vulnerability is CWE-1236. The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. The impact remains unknown. The summary by CVE is:

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.

It is possible to read the advisory at gist.github.com. This vulnerability is known as CVE-2023-46400 since 10/23/2023. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 02/08/2025).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Hospitality Software

Name

• KWHotel

Version

• 0.47

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion