Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
References
| Link | Resource |
|---|---|
| https://gitee.com/surveyking/surveyking/issues/I4V05A | Exploit Third Party Advisory |
| https://gitee.com/surveyking/surveyking/issues/I4V05A | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gitee.com/surveyking/surveyking/issues/I4V05A - Exploit, Third Party Advisory |
30 Mar 2022, 18:32
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:surveyking_project:surveyking:0.3.0:*:*:*:*:*:*:* | |
| CWE | CWE-1236 | |
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| References | (MISC) https://gitee.com/surveyking/surveyking/issues/I4V05A - Exploit, Third Party Advisory |
24 Mar 2022, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-24 22:15
Updated : 2024-11-21 06:53
NVD link : CVE-2022-26249
Mitre link : CVE-2022-26249
CVE.ORG link : CVE-2022-26249
JSON object : View
Products Affected
surveyking_project
- surveyking
CWE
CWE-1236
Improper Neutralization of Formula Elements in a CSV File