Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Knockpy 4.1.1 - CSV Injection
Vulnerability Description
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
Knock Subdomain Scan 安全漏洞
Vulnerability Description
Knock Subdomain Scan是Gianni Amato个人开发者的一个域名扫描工具。 Knock Subdomain Scan 4.1.1版本存在安全漏洞,该漏洞源于未过滤服务器标头,可能导致CSV注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A