CVE-2025-22978

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22978
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/elunez/eladmin/issues/863 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*
History

13 May 2025, 19:34

Type Values Removed Values Added
CPE cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*
First Time Eladmin
Eladmin eladmin
References () https://github.com/elunez/eladmin/issues/863 - () https://github.com/elunez/eladmin/issues/863 - Exploit, Issue Tracking, Vendor Advisory

13 Mar 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-74

18 Feb 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown
CWE CWE-77

04 Feb 2025, 16:15

Type Values Removed Values Added
CWE CWE-77
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Summary
  • (es) eladmin &lt;=2.7 es vulnerable a la inyección CSV en el módulo de descarga del registro de excepciones.

03 Feb 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-03 20:15

Updated : 2025-05-13 19:34

NVD link : CVE-2025-22978

Mitre link : CVE-2025-22978

CVE.ORG link : CVE-2025-22978

JSON object : View

Products Affected

eladmin

  • eladmin
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')