CSV Injection when exporting users in thorsten/phpmyfaq
Valid
Reported on Jun 30th 2023
1. An admin adds a user, or a user signs up.
2. The user logs in and edits their own profile.
3. The user changes their real name to "=1+cmd|'/C calc'!A0".
4. The admin exports the users as a CSV file.
5. The admin opens the CSV and we can see that the calculator is opened.
See https://owasp.org/www-community/attacks/CSV_Injection for how to fix it.
Impact
Hijacking the user’s computer
Exfiltrating contents from the spreadsheet, or other open spreadsheets.
Exporting comments is also vulnerable.
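The following is an added example (not phpMyFAQ's code and not part of the original report) showing the OWASP mitigation the report points to, applied to a user export like the one described above. The user records are constructed sample data; `export_users_csv(..., neutralize=False)` reproduces the unsafe behaviour and `find_formula_cells` is a check you can run over exports produced by an unpatched version.

```python
import csv
import io

# Leading characters that make Excel / LibreOffice evaluate a cell as a
# formula (or a DDE command such as the cmd|'/C calc' payload) when the
# CSV is opened. Tab and CR are included because some spreadsheets strip
# them before interpreting the cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample data, not taken from a phpMyFAQ install. The third
# user's real name is the payload from the report above.
SAMPLE_USERS = [
    {"id": 1, "login": "alice", "realname": "Alice Example", "email": "alice@example.test"},
    {"id": 2, "login": "bob", "realname": "Bob \"Bobby\" Example", "email": "bob@example.test"},
    {"id": 3, "login": "mallory", "realname": "=1+cmd|'/C calc'!A0", "email": "mallory@example.test"},
]


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would treat this cell as a formula, not text."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Return the cell as text a spreadsheet will never evaluate.

    Follows the OWASP guidance: a leading apostrophe forces text mode.
    Wrapping in double quotes and doubling embedded quotes is done by
    the csv writer (QUOTE_ALL below).
    """
    text = "" if value is None else str(value)
    if is_formula_like(text):
        text = "'" + text
    return text


def export_users_csv(users, neutralize=True) -> str:
    """Serialise users to CSV. neutralize=False reproduces the unsafe export."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["id", "login", "realname", "email"])
    for user in users:
        row = [user["id"], user["login"], user["realname"], user["email"]]
        if neutralize:
            row = [neutralize_cell(cell) for cell in row]
        writer.writerow(row)
    return buf.getvalue()


def find_formula_cells(csv_text: str):
    """Scan an existing export and report cells a spreadsheet would evaluate.

    Returns (row_index, column_name, value) tuples; data rows start at 1.
    """
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader, [])
    hits = []
    for row_index, row in enumerate(reader, start=1):
        for col_index, cell in enumerate(row):
            if is_formula_like(cell):
                name = header[col_index] if col_index < len(header) else str(col_index)
                hits.append((row_index, name, cell))
    return hits


if __name__ == "__main__":
    unsafe = export_users_csv(SAMPLE_USERS, neutralize=False)
    print("--- unsafe export ---")
    print(unsafe)
    print("cells a spreadsheet would evaluate:", find_formula_cells(unsafe))
    print("--- neutralized export ---")
    print(export_users_csv(SAMPLE_USERS))
```

Two caveats worth knowing before adopting this: the apostrophe prefix also lands on legitimate values that start with "-" or "+" (negative numbers, phone numbers), so either accept that in a human-facing export or exempt columns you know are numeric; and quoting alone is not a fix, because spreadsheet applications strip the quotes and then evaluate the cell, which is why the leading apostrophe is the part that actually stops the payload.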
We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours.
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back.
Thorsten Rinne has been awarded the fix bounty.
This vulnerability has been assigned a CVE.
This vulnerability is scheduled to go public on Jul 31st 2023.
Additional fix: https://github.com/thorsten/phpMyFAQ/commit/e16daf99c28b47a205f74004681f3e2e6a842723