CVE-2023-48029
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/11/2023
Last modified:
29/09/2025
Description
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
Impact
Base Score 3.x
8.00
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:corebos:corebos:*:*:*:*:*:*:*:* | 8.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5
- https://nitipoom-jar.github.io/CVE-2023-48029/
- https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48029
- https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5
- https://nitipoom-jar.github.io/CVE-2023-48029/