Vulnerability Information
Vulnerability Title
ProjectSend r1605 CSV Injection via User Account Export Functionality
Vulnerability Description
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1236
Vulnerability Title
ProjectSend Security Vulnerability
Vulnerability Description
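ProjectSend (cFTP) is an open-source, self-hosted application from ProjectSend based on PHP and MySQL. ProjectSend (cFTP) r1605 contains a security vulnerability that stems from improper sanitization of the user profile name field and may lead to CSV injection attacks.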
CVSS Information
N/A
Vulnerability Type
N/A