CVE-2018-25135
CRITICAL
Anviz AIM CrossChex Standard 4.3.6.0 - Code Injection
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-25135. PoCs published by LiquidWorm.
AI-analyzed exploit summary: This exploit demonstrates CSV injection in Anviz AIM CrossChex Standard 4.3, allowing arbitrary command execution via Excel macro formulas inserted into user fields. The PoC shows how an attacker can trigger command execution (e.g., launching mspaint) by manipulating the 'Name' or custom fields during user import/export.
Description
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
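A defensive check for the issue described above, added here as an example (not code from Anviz or from the published PoC): it flags and neutralizes formula-like cells in a user export before the file is opened in a spreadsheet. The sample rows and the function names are constructed for illustration, and the single-quote prefix is the commonly recommended neutralization, not a vendor fix.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set listed in the commonly cited OWASP CSV-injection guidance).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export: column names follow the fields named in the
# description; the rows and the harmless formulas are made up for this example.
SAMPLE_EXPORT = (
    "UserID,Name,Gender,Position\r\n"
    "1,Alice Example,F,Engineer\r\n"
    "2,=1+1,M,Operator\r\n"
    "3,Bob Example,@placeholder,+1-2\r\n"
)


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would try to evaluate the cell instead of showing it."""
    return cell.startswith(FORMULA_PREFIXES)


def neutralize(cell: str) -> str:
    """Prefix a single quote so the cell is rendered as literal text."""
    return "'" + cell if is_formula_like(cell) else cell


def audit_and_sanitize(csv_text: str):
    """Return (findings, sanitized_csv); findings are (row_number, column, value)."""
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    header = next(reader)
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)  # quote every field on output
    writer.writerow(header)
    findings = []
    for row_number, row in enumerate(reader, start=2):  # row 1 is the header
        for column, cell in zip(header, row):
            if is_formula_like(cell):
                findings.append((row_number, column, cell))
        writer.writerow([neutralize(cell) for cell in row])
    return findings, out.getvalue()


if __name__ == "__main__":
    hits, cleaned = audit_and_sanitize(SAMPLE_EXPORT)
    for row_number, column, value in hits:
        print(f"row {row_number}, column {column}: formula-like value {value!r}")
    print(cleaned)
```

The leading-hyphen rule also flags legitimate values such as negative numbers, so treat findings as items to review rather than confirmed injection attempts.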
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H