โ† Back to Dashboard

CVE-2023-54348

HIGH NVD
CVSS Score
8.8
Severity
HIGH
Source
NVD
Published
May 05, 2026
Description

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in spreadsheet applications.

View Full Details โ† Back