Xujeff Tianti CSV Injection Vulnerability in User Export Function

Vulnerability

A CSV injection vulnerability has been identified in Xujeff Tianti versions through 2.3. The issue arises in the 'exportOrder' function within the 'com.jeff.tianti.controller' component, specifically in the file '/tianti-module-admin/user/ajax/save'. The export writes user-controlled fields into the CSV without neutralising them, so a low-privilege user can store input that, when the exported CSV file is opened in a spreadsheet application such as Microsoft Excel, is interpreted as a formula and could cause commands to execute on the machine of the user who opens the file.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the machine where the manipulated CSV file is opened.

Reproduction

To reproduce this vulnerability, log into the Tianti CMS as a low-privilege user and enter input beginning with a formula trigger, such as a spreadsheet formula starting with '=', into a user-list field. When the user list is exported to CSV and the file is opened in a spreadsheet application, double-clicking the injected cell executes the embedded formula.

Added: Aug 10, 2025, 12:17 PM
Updated: Aug 10, 2025, 12:17 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  4.4
  remediation     8.3
  relevance       0.3
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.