CVE-2020-25445

Published: Jul 14, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25445

Description

Affected Products

References