CVE-2022-44830

HIGH

Sourcecodester Event Registration App v1.0 - Code Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-44830. PoCs published by RashidKhanPathan.

AI-analyzed exploit summary: The repository describes a CSV injection vulnerability in Sourcecodester Event Registration App v1.0, where arbitrary code execution is possible via crafted Excel formulas in the First Name, Contact, and Remarks fields. The PoC is referenced in an external Google Drive link, but no actual exploit code is provided in the repository.

Description

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.

Exploits (1)

nomisec WRITEUP 1 star
by RashidKhanPathan · poc
https://github.com/RashidKhanPathan/CVE-2022-44830

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Sourcecodester Event Registration App v1.0
No auth needed
Prerequisites: Access to the application's input fields (First Name, Contact, Remarks) · Ability to export data to CSV · Victim must open the crafted CSV file in Excel
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0056
EPSS Percentile 41.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-1236
Status published
Products (1)
event_registration_application_project/event_registration_application 1.0
Published Nov 21, 2022
Tracked Since Feb 18, 2026