The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25445
Reference (s):
- https://medium.com/@singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e