| Title | SourceCodester Inventory Management System 1.0 CSV Injection |
|---|
| Description | A critical vulnerability exists in the **SVC report export feature** of the SourceCodester Inventory Management System.
An authenticated attacker can inject **Spreadsheet Formula Injection (SVC Injection)** payloads into item descriptions, which get executed when exported as an `.svc` file and opened in spreadsheet software such as Microsoft Excel or LibreOffice.
This vulnerability enables **remote command execution (RCE)** on the victim’s machine when they open the exported file.
This flaw poses a serious risk to administrators who routinely export inventory data. |
|---|
| Source | ⚠️ https://www.notion.so/Spreadsheet-Formula-Injection-Leading-to-Remote-Code-Execution-in-SourceCodester-Inventory-Managemen-2b723917db8c80dfaaabe2b74d6f283d?source=copy_link |
|---|
| User | Amit_singh (UID 92775) |
|---|
| Submission | 2025. 11. 26. PM 07:02 (5 months ago) |
|---|
| Moderation | 2025. 12. 07. PM 08:32 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 334671 [SourceCodester Inventory Management System 1.0 SVC Report Export privilege escalation] |
|---|
| Points | 17 |
|---|