| Field | Value |
|---|---|
| Title | SourceCodester Pharmacy Sales and Inventory System 1.0 CSV Injection |
| Description | During the security review of "Pharmacy Sales and Inventory System", I discovered a critical CSV Injection vulnerability in the "/Export_csv/export" functionality. This vulnerability stems from insufficient output sanitization when generating CSV exports from the 'create_supplier' table data. Attackers can inject formula payloads into fields such as 'Address' or 'Company Name' through the supplier creation interface. When an administrator exports and opens the CSV file, the embedded formulas are parsed and executed by the spreadsheet application. Successful exploitation allows attackers to exfiltrate data, perform phishing attacks, or execute arbitrary commands depending on the victim's environment. Immediate remedial measures are needed to ensure system security and protect administrative data. |
| Source | https://github.com/timeflies123/cve/issues/6 |
| User | timeflies (UID 97515) |
| Submission | 09/05/2026 06:10 AM (26 days ago) |
| Moderation | 31/05/2026 12:15 PM (22 days later) |
| Status | Accepted |
| VulDB Entry | 367526 [SourceCodester Pharmacy Sales and Inventory System up to 1.0 Supplier Creation Interface /Export_csv/export create_supplier Address/Company Name privilege escalation] |
| Points | 20 |