CVE-2024-29375

CRITICAL

Addactis IBNRS <3.10.3.107 - Code Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-29375. PoCs published by ismailcemunver.

AI-analyzed exploit summary: This repository documents a CSV injection vulnerability in Addactis IBNRS 3.10.3.107, where malicious Excel formulas can be injected into project parameters and executed when exported to Excel. The PoC demonstrates command execution via formula injection in fields like Project Description.

Description

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.

Exploits (1)

nomisec WRITEUP
by ismailcemunver · poc
https://github.com/ismailcemunver/CVE-2024-29375

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Addactis IBNRS 3.10.3.107
Auth required
Prerequisites: Access to Addactis IBNRS with permissions to modify project parameters · Victim interaction to export and open the malicious file in Excel
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0146
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-1236
Status published
Published Apr 04, 2024
Tracked Since Feb 18, 2026