CVE-2020-13247

HIGH

BooleBox Secure File Sharing Utility <4.2.3.0 - Code Injection

Title source: llm

Description

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.

References (2)

[Exploit, Third Party Advisory] https://members.backbox.org/boolebox-secure-sharing-multiple-vulnerabilities/

[Vendor Advisory] https://app.boolebox.com/release/vulnerabilities/CVE-2020-13247-13248.html

Scores

CVSS v3 7.3

EPSS 0.0066

EPSS Percentile 71.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

boolebox/boolebox < 4.2.3.0

Published Jun 24, 2020

Tracked Since Feb 18, 2026