| Título | SourceCodester Inventory Management System 1.0 CSV Injection |
|---|
| Descrição | A critical vulnerability exists in the **SVC report export feature** of the SourceCodester Inventory Management System.
An authenticated attacker can inject **Spreadsheet Formula Injection (SVC Injection)** payloads into item descriptions, which get executed when exported as an `.svc` file and opened in spreadsheet software such as Microsoft Excel or LibreOffice.
This vulnerability enables **remote command execution (RCE)** on the victim’s machine when they open the exported file.
This flaw poses a serious risk to administrators who routinely export inventory data. |
|---|
| Fonte | ⚠️ https://www.notion.so/Spreadsheet-Formula-Injection-Leading-to-Remote-Code-Execution-in-SourceCodester-Inventory-Managemen-2b723917db8c80dfaaabe2b74d6f283d?source=copy_link |
|---|
| Utilizador | Amit_singh (UID 92775) |
|---|
| Submissão | 26/11/2025 19h02 (há 5 meses) |
|---|
| Moderação | 07/12/2025 20h32 (11 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 334671 [SourceCodester Inventory Management System 1.0 SVC Report Export Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|