CVE-2020-5299

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).

• CVE ID
• CVE-2020-5299

• Assigner
• security-advisories@github.com

• Vulnerability Status
• Analyzed

• Published Version
• 2020-06-03T22:15:11

• Last Modified Date
• 2022-06-30T14:46:57

• Version
• 2.0

• Vector String
• AV:N/AC:H/Au:S/C:P/I:P/A:P

• Access Vector
• NETWORK

• Access Compatibility
• HIGH

• Authentication
• SINGLE

• Confidentiality Impact
• PARTIAL

• Integrity Impact
• PARTIAL

• Availability Impact
• PARTIAL

• Base Score
• 4.6

• Severity
• MEDIUM

• Exploitability Score
• 3.9

• Impact Score
• 6.4

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

• Attack Vector
• NETWORK

• Attack Compatibility
• HIGH

• Privileges Required
• HIGH

• User Interaction
• REQUIRED

• Scope
• CHANGED

• Confidentiality Impact
• LOW

• Availability Impact
• LOW

• Base Score
• 5.1

• Base Severity
• MEDIUM

• Exploitability Score
• 1

• Impact Score
• 3.7