CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-25135

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile10.95th
Published2025年12月24日
Last Modified2026年4月15日

Vulnerability Description

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://www.anviz.com
🔗 https://www.exploit-db.com/exploits/45765
🔗 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
🔗 https://www.exploit-db.com/exploits/45765
🔗 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php

関連する脆弱性情報

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-1071810.0

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to...