Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Formula injection in a CSV file in Proget MDM
Vulnerability Description
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).
CVSS Information
N/A
Vulnerability Type
CWE-1236
Vulnerability Title
Inedo ProGet 安全漏洞
Vulnerability Description
Inedo ProGet是Inedo公司的一个包管理系统。 Inedo ProGet 2.17.5之前版本存在安全漏洞,该漏洞源于设备激活数据可能被高权限用户下载为CSV文件并导致PC损坏,攻击者可获得远程访问权限。
CVSS Information
N/A
Vulnerability Type
N/A