Vulnerability Information
Vulnerability Title
NocoDB - CSV Injection in User Management
Vulnerability Description
NocoDB versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can create a new table and inject payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file, and opens it, the payload is executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
NocoDB Security Vulnerability
Vulnerability Description
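NocoDB is an open-source Airtable alternative that turns any MySQL, PostgreSQL, SQL Server, SQLite, or MariaDB database into a smart spreadsheet. NocoDB contains a security vulnerability: versions 0.81.0 through 0.83.8 are affected by a CSV injection (formula injection) vulnerability. A low-privileged attacker can exploit it by creating a new table and injecting payloads into the table rows. When an administrator accesses the User Management endpoint, exports the data as a CSV file, and opens it, the payload is executed.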
CVSS Information
N/A
Vulnerability Type
N/A