Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 29 Sep 2025 14:00:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-29T13:44:13.787Z

Reserved: 2023-11-13T00:00:00.000Z

Link: CVE-2023-48029

cve-icon Vulnrichment

Updated: 2024-08-02T21:23:37.930Z

cve-icon NVD

Status : Modified

Published: 2023-11-17T13:15:09.143

Modified: 2025-09-29T14:16:42.197

Link: CVE-2023-48029

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.