CVE-2018-25135
CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
Affected Platforms (CPE)
No CPE configurations currently published for this record.