Formula injection in a CSV file in Proget MDM

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

N/A

CWE-1236

Inedo ProGet 安全漏洞

Inedo ProGet是Inedo公司的一个包管理系统。 Inedo ProGet 2.17.5之前版本存在安全漏洞，该漏洞源于设备激活数据可能被高权限用户下载为CSV文件并导致PC损坏，攻击者可获得远程访问权限。

N/A

N/A