KWHotel CSV Formula Injection Vulnerability in Invoice Addition Function
Vulnerability
A CSV formula injection vulnerability has been identified in KWHotel version 0.47, specifically in the invoice adding function. The application fails to validate input in the customer search field, so an attacker can embed a malicious payload that is later exported to a CSV file and executed when that file is opened, leading to the execution of arbitrary commands.
Impact
Exploitation of this vulnerability results in CSV formula injection: the embedded formulas are executed when the exported CSV file is opened in a spreadsheet application, potentially leading to the execution of arbitrary commands.
Reproduction
To reproduce this vulnerability, open the Accounting tab in KWHotel version 0.47 and add an invoice. In the customer search field, enter a payload containing a crafted CSV formula, such as one that uses the SUM function combined with a command execution payload. Because the input is not validated, the injection succeeds.
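As an added defensive example (not KWHotel's own code), the routine below shows how an invoice export can neutralize spreadsheet-formula triggers in every exported field, which is the standard mitigation for this class of bug; the column names and sample invoice rows are assumed and constructed for illustration.

```python
import csv
import io

# Leading characters that make a spreadsheet application interpret a cell as
# a formula; tab and carriage return can also trigger formula parsing.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a cell value would be parsed as a formula when the CSV is opened."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Make one cell value safe for CSV export.

    A leading single quote forces the spreadsheet to treat the cell as text;
    the original value is otherwise kept intact so the record stays auditable.
    Numeric columns that legitimately start with "-" should be validated as
    numbers before export rather than passed through this function.
    """
    text = str(value)
    if is_formula_like(text):
        return "'" + text
    return text


def export_invoices_csv(rows, header=("invoice_no", "customer", "amount")) -> str:
    """Write invoice rows to CSV text with every field neutralized.

    QUOTE_ALL wraps each field in double quotes so embedded commas, quotes and
    newlines cannot break the row structure either.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: the second record's customer field is a
# formula-shaped string like one entered through the customer search field.
SAMPLE_ROWS = [
    ("1001", "Jane Doe", "120.00"),
    ("1002", "=SUM(1,2)", "75.50"),
]

if __name__ == "__main__":
    print(export_invoices_csv(SAMPLE_ROWS))
```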
