| Titel | Incorta 2023.4.3 CSV Injection |
|---|
| Beschreibung | During the assessment of the on-premise Incorta application, I identified a vulnerability by which we can pass the malicious CSV macro script in the application. Later this payload will be downloaded in the CSV file and executed on the user side. |
|---|
| Quelle | ⚠️ https://localhost/v1/query/download |
|---|
| Benutzer | Zaid Shaikh (UID 79527) |
|---|
| Einreichung | 18.02.2025 14:42 (vor 1 Jahr) |
|---|
| Moderieren | 02.03.2025 09:04 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 298104 [Incorta 2023.4.3 Edit Insight Service Name erweiterte Rechte] |
|---|
| Punkte | 16 |
|---|