Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
dirsearch 0.4.1 - CSV Injection
Vulnerability Description
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
dirsearch 安全漏洞
Vulnerability Description
dirsearch是Mauro Soria个人开发者的一个网络扫描器。 dirsearch 0.4.1版本存在安全漏洞,该漏洞源于使用--csv-report标志时对重定向端点处理不当,可能导致攻击者注入公式。
CVSS Information
N/A
Vulnerability Type
N/A