CVE-2022-40294

EPSS 0.47%
Veröffentlicht 31.10.2022 21:15:13
Zuletzt bearbeitet 06.05.2025 15:15:59
Quelle vdp@themissinglink.com.au
CVE-Watchlists
Login
Unerledigt
Login

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phppointofsale ≫ Php Point Of Sale Version19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.641

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

https://www.themissinglink.com.au/security-advisories/cve-2022-40294

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-40294

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40294

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40294

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-40294