CVE-2022-44830

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/RashidKhanPathan/CVE-2022-44830	Exploit Third Party Advisory
https://github.com/RashidKhanPathan/CVE-2022-44830	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:event_registration_application_project:event_registration_application:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:28

Type	Values Removed	Values Added
References	~~() https://github.com/RashidKhanPathan/CVE-2022-44830 - Exploit, Third Party Advisory~~	() https://github.com/RashidKhanPathan/CVE-2022-44830 - Exploit, Third Party Advisory

23 Nov 2022, 15:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-21 18:15

Updated : 2025-04-29 16:15

NVD link : CVE-2022-44830

Mitre link : CVE-2022-44830

CVE.ORG link : CVE-2022-44830

JSON object : View

Products Affected

event_registration_application_project

event_registration_application

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2022-44830", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-11-21T18:15:25.317", "references": [{"url": "https://github.com/RashidKhanPathan/CVE-2022-44830", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/RashidKhanPathan/CVE-2022-44830", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file."}, {"lang": "es", "value": "Se descubri\u00f3 que la aplicaci\u00f3n Sourcecodester Event Registration v1.0 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n de CSV a trav\u00e9s de los campos Nombre, Contacto y Comentarios. Estas vulnerabilidades permiten a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo Excel manipulado."}], "lastModified": "2025-04-29T16:15:28.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:event_registration_application_project:event_registration_application:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D4FBB62-782F-45E4-A27C-B53C69F66366"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}