Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iTop vulnerable to potential formula injection in Excel/CSV export file
Vulnerability Description
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
iTop 安全漏洞
Vulnerability Description
iTop是一个提供优化 iTop 所需的所有资源的平台。 iTop 2.7.9, 3.0.4, 3.1.1 和 3.2.0 版本存在安全漏洞,该漏洞源于当从后台或门户以 CSV 或 Excel 文件形式导出数据时,用户的输入可能包含可能导入到 Excel 中的恶意公式。
CVSS Information
N/A
Vulnerability Type
N/A