CVE-2023-3302

7.8 HIGH

📋 TL;DR

This vulnerability allows CSV formula injection in Admidio, enabling attackers to execute arbitrary commands or exfiltrate data when users open malicious CSV files. It affects Admidio installations prior to version 4.2.9. Users who import CSV files into Admidio are at risk.

💻 Affected Systems

Products:
  • Admidio
Versions: All versions prior to 4.2.9
Operating Systems: All platforms running Admidio
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the CSV import functionality; it requires user interaction to open a malicious CSV file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment if combined with other vulnerabilities.

🟠 Likely Case

Data exfiltration, privilege escalation, or unauthorized access to sensitive information through formula injection.

🟢 If Mitigated

Limited impact with proper input validation and user education about opening untrusted CSV files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a user to import a malicious CSV file; a proof-of-concept is available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.9

Vendor Advisory: https://github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f

Restart Required: No

Instructions:

1. Back up your Admidio installation and database.
2. Download Admidio 4.2.9 or later from the official repository.
3. Replace existing files with the patched version.
4. Verify installation integrity.

🔧 Temporary Workarounds

Disable CSV Import

Platforms: all

Temporarily disable CSV import functionality until patching is complete.

Modify Admidio configuration to remove CSV import permissions

Input Validation Filter

Platforms: all

Implement server-side filtering for CSV formula elements.

Add input sanitization for CSV data before processing

🧯 If You Can't Patch

  • Restrict CSV import permissions to trusted administrators only
  • Implement network segmentation to isolate Admidio server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Admidio version in administration panel or via version.php file; versions below 4.2.9 are vulnerable.

Check Version:

Check Admidio admin panel or view version.php file content

Verify Fix Applied:

Verify version is 4.2.9 or higher and test CSV import with formula elements to ensure proper neutralization.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSV import activity
  • Formula elements in CSV processing logs
  • Unexpected system command execution

Network Indicators:

  • Suspicious outbound connections following CSV imports
  • Data exfiltration patterns

SIEM Query:

Search for CSV file imports containing formula characters like =, +, -, @ followed by unusual system activity
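
An added example (not Admidio's code and not taken from the fix commit) of the input validation filter and the formula-character search described above: a Python pre-import check that flags cells starting with =, +, -, or @ and rewrites them as literal text. The tab and carriage-return triggers, the plain-number exemption, the function names and the sample rows are assumptions made for this example.

```python
import csv
import io
import re

# Leading characters a spreadsheet may treat as the start of a formula: the four
# named above, plus tab and carriage return (assumption, per OWASP guidance).
TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Assumption: a plain signed number such as "-12.50" is data, not a formula.
PLAIN_NUMBER = re.compile(r"[+-]?\d+([.,]\d+)?")

def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet could evaluate the cell instead of displaying it."""
    if PLAIN_NUMBER.fullmatch(cell.strip()):
        return False
    # Also test with leading spaces removed, since some importers trim cells.
    return cell.startswith(TRIGGERS) or cell.lstrip(" ").startswith(TRIGGERS)

def neutralize(cell: str) -> str:
    """Prefix a single quote so the cell is treated as literal text."""
    return "'" + cell if is_formula_like(cell) else cell

def scan_csv(text: str) -> list:
    """Return (row, column, value), 1-based, for every formula-like cell."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(text, newline="")), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits

def sanitize_csv(text: str) -> str:
    """Rewrite the CSV with every formula-like cell neutralized."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(text, newline="")):
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()

# Constructed sample input (not taken from the advisory or from Admidio).
SAMPLE = (
    "first_name,last_name,balance,note\n"
    "Anna,Meier,-12.50,regular member\n"
    '=1+1,Test,10,"@SUM(A1:A2)"\n'
    "Ben,+49 170 0000000,0, =A1\n"
)

if __name__ == "__main__":
    for hit in scan_csv(SAMPLE):
        print("formula-like cell (row, col, value):", hit)
    print(sanitize_csv(SAMPLE), end="")
```

Prefixing a quote changes the stored value, so rejecting the file and reporting the flagged cells is the alternative when imported data must stay unchanged.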
