Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Booking Core 安全漏洞
Vulnerability Description
Booking Core是一个应用软件。一个基于Laravel的预订系统,专为旅游网站、商城、旅行社、旅行社、民宿、别墅出租、度假村出租、Make Travel 网站而设计。 Booking Core 存在安全漏洞,该漏洞源于Ultimate Booking System1.7.0中的订阅功能容易受到CSV公式注入的影响。攻击者可利用该漏洞当后台管理员下载并打开csv时,单元格的内容将被执行。
CVSS Information
N/A
Vulnerability Type
N/A