| عنوان | SourceCodester Inventory Management System 1.0 CSV Injection |
|---|
| الوصف | A critical vulnerability exists in the **SVC report export feature** of the SourceCodester Inventory Management System.
An authenticated attacker can inject **Spreadsheet Formula Injection (SVC Injection)** payloads into item descriptions, which get executed when exported as an `.svc` file and opened in spreadsheet software such as Microsoft Excel or LibreOffice.
This vulnerability enables **remote command execution (RCE)** on the victim’s machine when they open the exported file.
This flaw poses a serious risk to administrators who routinely export inventory data. |
|---|
| المصدر | ⚠️ https://www.notion.so/Spreadsheet-Formula-Injection-Leading-to-Remote-Code-Execution-in-SourceCodester-Inventory-Managemen-2b723917db8c80dfaaabe2b74d6f283d?source=copy_link |
|---|
| المستخدم | Amit_singh (UID 92775) |
|---|
| ارسال | 26/11/2025 07:02 PM (5 أشهر منذ) |
|---|
| الاعتدال | 07/12/2025 08:32 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 334671 [SourceCodester Inventory Management System 1.0 SVC Report Export تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|