| tiêu đề | Tianti Project Tianti 2.3 CSV Injection |
|---|
| Mô tả | Tianti supports exporting the user list in CSV format. The generation of the CSV file does not validate data, making it vulnerable to CSV injection vulnerabilities. This flaw can be used by a low-privilege attacker to target the website's owner, if the owner exports the user list to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to command execution on the machine on which the CSV file is opened. |
|---|
| Nguồn | ⚠️ https://github.com/N1n3b9S/cve/issues/16 |
|---|
| Người dùng | Anonymous User |
|---|
| Đệ trình | 01/08/2025 03:32 (cách đây 9 các tháng) |
|---|
| Kiểm duyệt | 09/08/2025 09:51 (8 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 319337 [xujeff tianti 天梯 đến 2.3 com.jeff.tianti.controller save exportOrder nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|