CVE-2023-3493

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 30, 2023

Updated: Jul 6, 2023

CWE ID 22

Summary

CVE-2023-3493 denotes a vulnerability in the fossbilling GitHub repository version 0.5.2 and below. This issue involves improper neutralization of Formula Elements in a CSV file format. Maliciously crafted CSV files can exploit this vulnerability, leading to potential code injection and unauthorized execution. Attackers can manipulate the CSV files, bypassing input validation and gaining unintended access to the system, resulting in serious security risks. It is strongly recommended that users update to the latest version, fossbilling 0.5.3, to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rswuMA
https://www.cve.org/CVERecord?id=CVE-2023-3493
https://nvd.nist.gov/vuln/detail/CVE-2023-3493

Back to Vulnerability Database

CVE-2023-3493

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations