Vulnerability Description
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Magnolia-Cms | Magnolia Cms | < 6.2.4 |
Related Weaknesses (CWE)
References
- https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-MagnolRelease NotesVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46363-Formula%ExploitThird Party Advisory
- https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-MagnolRelease NotesVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46363-Formula%ExploitThird Party Advisory
FAQ
What is CVE-2021-46363?
CVE-2021-46363 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a...
How severe is CVE-2021-46363?
CVE-2021-46363 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46363?
Check the references section above for vendor advisories and patch information. Affected products include: Magnolia-Cms Magnolia Cms.