Share>Address Book>Export is vulnerable to CSV Injection.
You can enter commands in the ADD NEW ADDRESS feature, and when you export it as an Excel file, the commands can get executed, which can be highly dangerous.
Here is the link explaining the same: https://hackerone.com/reports/72785.
Please give appropriate credits for the same as this is the second critical security bug which I have reported and I did not get any credits for the first one. https://github.com/ryanhowdy/fcms/issues/537
There is a $15 open bounty on this issue.
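
One way an address book export could neutralise formula-leading cells before writing the CSV, shown as an added example that is not FCMS code and not part of the original report. The function names `neutralizeCell` and `exportAddresses` and the sample rows are constructed for illustration, and the trigger-character list is the commonly recommended set for CSV injection mitigation.

```php
<?php
declare(strict_types=1);

// Leading characters that make Excel, LibreOffice Calc or Google Sheets
// evaluate a cell as a formula instead of displaying it as text.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

/**
 * Hypothetical helper: return the cell unchanged if it is plain text,
 * otherwise prefix it with a single quote so the spreadsheet shows it as text.
 */
function neutralizeCell(string $value): string
{
    // Check the raw first character and the first character after leading
    // spaces, since some spreadsheet importers ignore leading spaces.
    foreach ([$value, ltrim($value, ' ')] as $candidate) {
        if ($candidate !== '' && in_array($candidate[0], FORMULA_TRIGGERS, true)) {
            return "'" . $value;
        }
    }
    return $value;
}

/**
 * Hypothetical export routine: every user-supplied field passes through
 * neutralizeCell(), and fputcsv() handles quoting of commas and quotes.
 */
function exportAddresses(array $rows, $out): void
{
    foreach ($rows as $row) {
        $cells = array_map('neutralizeCell', array_map('strval', $row));
        fputcsv($out, $cells, ',', '"', '\\');
    }
}

// Constructed sample rows; the "formula" entries are harmless arithmetic.
$rows = [
    ['Name', 'Email', 'Phone'],
    ['Alice Example', 'alice@example.test', '+1 555 0100'],
    ['=1+1', 'bob@example.test', '555 0101'],
    ['  @SUM(A1:A2)', 'carol@example.test', '-42'],
];

$out = fopen('php://output', 'w');
exportAddresses($rows, $out);
fclose($out);
```

Legitimate values that start with a trigger character, such as the international phone number in the sample, also receive the quote prefix, so an import path that reads these files back should strip it.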