Alfasado PowerCMS Improper Neutralization of Formula Elements in CSV Files Vulnerability

Vulnerability

A vulnerability exists in multiple versions of PowerCMS, including the 6.x, 5.x, and 4.x series, prior to the latest release. This vulnerability arises from the software's improper handling of formula elements in CSV files. When a user creates a malformed entry and another user downloads it as a CSV file, the embedded code may be executed upon opening the file in their environment.

Impact

Exploitation of this vulnerability allows embedded code to execute in the environment of the user who opens the downloaded CSV file.

Remediation

Users are advised to update PowerCMS to the latest version. Instructions for updating can be found on the PowerCMS website.

Added: Jul 31, 2025, 8:25 AM
Updated: Jul 31, 2025, 8:25 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 6.5
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.