Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
tiki tiki 17.1 |
Vulmon