AttackFeed by Joe Wagner | CSV Injection in iDempiere WebUI 12.0.0.202508171158  - Full Disclosure

CSV Injection in iDempiere WebUI 12.0.0.202508171158  – Full Disclosure

Posted on By Joe-W
Alert Feeds

 

Posted by Ron E on Aug 18

A CSV Injection vulnerability exists in iDempiere WebUI
v12.0.0.202508171158. The application fails to properly sanitize
user-supplied input before including it in exported CSV files. An
authenticated attacker can inject malicious spreadsheet formulas
(e.g., =cmd|’/C
notepad’!A1) into fields that are later exported. When the CSV is opened in
spreadsheet software such as Microsoft Excel or LibreOffice Calc, the
injected formula is…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
Directory Traversal “Site Title” – bluditv3.16.2  – Full Disclosure
July 7, 2025
Alert Feeds
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal  – Full Disclosure
July 28, 2025
Alert Feeds
KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery  – Full Disclosure
July 9, 2025
Alert Feeds
liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service  – Full Disclosure
August 18, 2025
AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.