CVE-2020-10131

CRITICAL

SearchBlox < 9.2.1 - CSV Macro Injection via Featured Results Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10131. PoCs published by InfoSec4Fun.

AI-analyzed exploit summary This repository contains a writeup describing CVE-2020-10131, a CSV macro injection vulnerability in SearchBlox before version 9.2.1. The vulnerability allows remote attackers to inject malicious macros via the featured results parameter.

Description

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.

Exploits (1)

nomisec WRITEUP
by InfoSec4Fun · poc
https://github.com/InfoSec4Fun/CVE-2020-10131

This repository contains a writeup describing CVE-2020-10131, a CSV macro injection vulnerability in SearchBlox before version 9.2.1. The vulnerability allows remote attackers to inject malicious macros via the featured results parameter.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: SearchBlox before 9.2.1
No auth needed
Prerequisites: Access to the admin interface URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0128
EPSS Percentile 66.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-1236
Status published
Products (1)
searchblox/searchblox < 9.2.1
Published Sep 06, 2023
Tracked Since Feb 18, 2026