An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-02-04T21:00:00

Updated: 2024-08-05T12:12:28.533Z

Reserved: 2019-02-04T00:00:00

Link: CVE-2018-20752

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-02-04T21:29:00.580

Modified: 2024-11-21T04:02:05.850

Link: CVE-2018-20752

cve-icon Redhat

No data.