CVE-2025-9241
BaseFortify
Publication date: 2025-08-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eladmin | eladmin | to 2.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in the elunez eladmin software up to version 2.7, specifically in the exportUser function. It allows an attacker to perform CSV injection by manipulating the exported CSV data. The attack can be initiated remotely, and the exploit is publicly available.
How can this vulnerability impact me? :
The vulnerability can lead to CSV injection attacks, which may allow an attacker to execute malicious commands or code when a user opens the exported CSV file. This can result in unauthorized actions, data compromise, or further exploitation of the system.