Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import
Vulnerability Description
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
引号语法转义处理不恰当
Vulnerability Title
Anviz AIM CrossChex Standard 安全漏洞
Vulnerability Description
Anviz AIM CrossChex Standard是美国Anviz公司的一个考勤与门禁管理软件。 Anviz AIM CrossChex Standard 4.3.6.0版本存在安全漏洞,该漏洞源于用户导入字段可插入恶意公式,可能导致CSV注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A