Main Vulnerability Database Exploits ID:6237 - Exploit for CSV injection in AcySMS - CVE-2018-9106

ID:6237 - Exploit for CSV injection in AcySMS - CVE-2018-9106

Published: June 17, 2021

Vulnerability identifier: #VU12594

Vulnerability risk: Low

CVE-ID: CVE-2018-9106

CWE-ID: CWE-74

Exploitation vector: Remote access

Vulnerable software:
AcySMS

Link to public exploit:

https://www.exploit-db.com/exploits/44370/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists in the export feature in the Acyba AcySMS extension due to CSV Injection (aka Excel Macro Injection or Formula Injection). A remote attacker can execute arbitrary commands via a value that is mishandled in a CSV export.

Remediation

Update to version 3.5.1.

ID:6237 - Exploit for CSV injection in AcySMS - CVE-2018-9106

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human