| Título | SourceCodester Inventory Management System 1.0 CSV Injection |
|---|
| Descripción | A critical vulnerability exists in the **SVC report export feature** of the SourceCodester Inventory Management System.
An authenticated attacker can inject **Spreadsheet Formula Injection (SVC Injection)** payloads into item descriptions, which get executed when exported as an `.svc` file and opened in spreadsheet software such as Microsoft Excel or LibreOffice.
This vulnerability enables **remote command execution (RCE)** on the victim’s machine when they open the exported file.
This flaw poses a serious risk to administrators who routinely export inventory data. |
|---|
| Fuente | ⚠️ https://www.notion.so/Spreadsheet-Formula-Injection-Leading-to-Remote-Code-Execution-in-SourceCodester-Inventory-Managemen-2b723917db8c80dfaaabe2b74d6f283d?source=copy_link |
|---|
| Usuario | Amit_singh (UID 92775) |
|---|
| Sumisión | 2025-11-26 19:02 (hace 5 meses) |
|---|
| Moderación | 2025-12-07 20:32 (11 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 334671 [SourceCodester Inventory Management System 1.0 SVC Report Export escalada de privilegios] |
|---|
| Puntos | 17 |
|---|