Incorta CSV Injection Vulnerability in Edit Insight Handler

Vulnerability

A CSV injection vulnerability has been identified in Incorta version 2023.4.3. The issue arises in the Edit Insight Handler component, where an unknown function improperly handles the Service Name argument, allowing for remote exploitation. The vulnerability was disclosed to the vendor, but no response was received.

Impact

Exploitation of this vulnerability allows for CSV injection, where an attacker can manipulate the output of a CSV file to execute malicious commands or scripts when the file is opened.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Incorta CSV Injection Vulnerability in Edit Insight Handler

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating