CVE-2023-29918
MEDIUM
RosarioSIS 10.8.4 - CSV Injection via Periods Module
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-29918. PoCs published by Ranjeet Jaiswal.
AI-analyzed exploit summary
This is a writeup describing a CSV Injection vulnerability in RosarioSIS 10.8.4, where malicious payloads can be injected into exported CSV/XLS files, leading to potential redirection to malicious websites when opened by users.
Description
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ranjeet Jaiswal · text · webapps · php
https://www.exploit-db.com/exploits/51622
Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
RosarioSIS 10.8.4
Auth required
Prerequisites:
Access to RosarioSIS with sufficient privileges to modify Periods data · User interaction to export and open the malicious file
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (1)
Core References
Exploit, Third Party Advisory
https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing
Scores
CVSS v3
5.4
EPSS
0.0583
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1236
Status
published
Products (2)
francoisjacquet/rosariosis
0
Packagist
rosariosis/rosariosis
10.8.4
Published
May 02, 2023
Tracked Since
Feb 18, 2026