CVE-2021-46363: Formula Injection in Magnolia CMS

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
Magnolia CMS - CVE-2021-46363.pdf		Magnolia CMS - CVE-2021-46363.pdf
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-46363: Formula Injection in Magnolia CMS

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

mbadanoiu/CVE-2021-46363

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-46363: Formula Injection in Magnolia CMS

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

Topics

Resources

Stars

Watchers

Forks