EIP-2026-102416

PRE-CVE

Oracle Siebel CRM 8.1.1 - CSV Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102416. PoCs published by Sarath Nair.

AI-analyzed exploit summary This is a writeup describing a CSV injection vulnerability in Oracle Siebel CRM 8.1.1 and below. The vulnerability allows an attacker to inject malicious Excel functions into user input fields, which execute when the victim exports and opens the CSV file in Microsoft Excel.

Description

Oracle Siebel CRM 8.1.1 - CSV Injection

Exploits (1)

exploitdb WRITEUP

by Sarath Nair · textwebappsjava

https://www.exploit-db.com/exploits/45643

View Code ZIP pw:eip

This is a writeup describing a CSV injection vulnerability in Oracle Siebel CRM 8.1.1 and below. The vulnerability allows an attacker to inject malicious Excel functions into user input fields, which execute when the victim exports and opens the CSV file in Microsoft Excel.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Oracle Siebel CRM Version 8.1.1 and below

Auth required

Prerequisites: Access to user input fields in Siebel CRM · Victim must export and open the CSV file in Microsoft Excel

MITRE ATT&CK

T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026