CVE-2025-14229
BaseFortify
Publication date: 2025-12-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | inventory_management_system | 1.0 |
| warren-daloyan | inventory_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a CSV injection in the SourceCodester Inventory Management System 1.0, specifically in an unknown function of the SVC Report Export component. It allows an attacker to manipulate CSV files generated by the system, potentially injecting malicious content. The attack can be launched remotely and the exploit has been publicly disclosed.
How can this vulnerability impact me? :
The vulnerability can lead to CSV injection attacks, which may allow an attacker to execute malicious commands or scripts when a user opens the exported CSV file. This can compromise the confidentiality, integrity, and availability of data, potentially leading to data leakage or system compromise.