Home > Vulnerability Database > CVE-2021-43515

Mend.io Vulnerability Database

CVE-2021-43515

Date: April 8, 2022

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.

Language: PHP

Severity Score

7.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-43515

Url: https://github.com/kevinpapst/kimai2/pull/2532

Url: https://github.com/kevinpapst/kimai2

Url: https://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#diff-6774f5865dbaf8bc6c55b75bd92e6f9950ebe7834aa2efd828a19fd637e667cf

Url: https://www.mend.io/vulnerability-database/CVE-2021-43515

Severity Score

7.8

Weakness Type (CWE)

Improper Neutralization of Formula Elements in a CSV File

CWE-1236

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-43515

Date: April 8, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?