Vulnerability type: Other (CSV Injection)
Attack type: Local
Impact: Code execution
Affected components: Exported CSV files with personal data that are imported into a spreadsheet software
Attack vectors: If a person saves data (like their username) beginning with certain characters, e.g. = or + etc. then the data when added into a spreadsheet program will be interpreted as a command. This allows one to create a malicious string so that they can exploit spreadsheet vulnerabilities. Mahara itself is not vulnerable, but it can be the vector of transmission.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command and execute a malicious string locally on a device.
For the security forum post:
Vulnerability type: Other (CSV Injection)
Attack type: Local
Impact: Code execution
Affected components: Exported CSV files with personal data that are imported into a spreadsheet software
Attack vectors: If a person saves data (like their username) beginning with certain characters, e.g. = or + etc. then the data when added into a spreadsheet program will be interpreted as a command. This allows one to create a malicious string so that they can exploit spreadsheet vulnerabilities. Mahara itself is not vulnerable, but it can be the vector of transmission.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command and execute a malicious string locally on a device.
Reported by: Saksham Anand (Catalyst IT) /bugs.launchpad .net/mahara/ +bug/1930471
Bug report: https:/
CVE reference: CVE-2021-40848