In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mend
Published: 2021-09-29T13:55:15.155975Z
Updated: 2024-09-16T17:48:21.846Z
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25960
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-29T14:15:07.953
Modified: 2021-10-07T16:49:19.927
Link: CVE-2021-25960
Redhat
No data.