CVE-2018-9107

HIGH

Acyba AcyMailing <5.9.6 - CSV Injection

Title source: llm

Description

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sureshbabu Narvaneni · textwebappsphp

https://www.exploit-db.com/exploits/44369

View Code ZIP pw:eip

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://www.acyba.com/acymailing/change-log.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44369/

Third Party Advisory x_refsource_misc

https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection

Third Party Advisory x_refsource_misc

https://vel.joomla.org/articles/2140-introducing-csv-injection

Scores

CVSS v3 8.8

EPSS 0.1199

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

acyba/acymailing < 5.9.5

Published Mar 28, 2018

Tracked Since Feb 18, 2026