CVE-2023-54348
CSV Injection in ERPGo SaaS 3.9
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rajodiya | erpgo_saas | up to 3.9 (inclusive) |
| erpgo | saas | 3.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CSV injection vulnerability in ERPGo SaaS 3.9 directly affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?:
When a crafted CSV export is opened in a spreadsheet application that evaluates Dynamic Data Exchange (DDE) formulas, such as Microsoft Excel, the injected formula can launch a command on the machine of whoever opens the file. Current Excel versions show security prompts before starting a DDE server and can be configured to block it outright, so exploitation also depends on the victim accepting those prompts or on a permissive configuration.
Because the attacker must be authenticated to plant the payload, the bug is mainly a way to pivot from a low-privileged ERPGo SaaS account to the workstation of an administrator or accountant who exports vendor data.
The impact includes compromise of sensitive data on that workstation, unauthorized actions performed under the victim's identity, and further exploitation from the victim's machine.
Can you explain this vulnerability to me?
CVE-2023-54348 is a CSV (formula) injection vulnerability in ERPGo SaaS version 3.9. An authenticated user can enter a spreadsheet formula as the vendor name when creating a vendor; the application stores it unchanged and writes it verbatim into CSV exports.
When such an export is opened in a spreadsheet application that evaluates DDE formulas, such as Microsoft Excel, the formula can run a command on the victim's machine.
The payload quoted for this issue is =10+20+cmd|' /C calc'!A0. The arithmetic is harmless; cmd|' /C calc'!A0 is a DDE expression that asks cmd.exe to run calc, the conventional proof that command execution works. Any first character that a spreadsheet treats as a formula trigger ('=', '+', '-', '@', tab or carriage return) can be used the same way.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation leaves two traces: the stored vendor name in the ERPGo SaaS database and any CSV export that contains it. Look for vendor names, and cells in exported CSV files, whose first character is one of the formula triggers '=', '+', '-', '@', tab or carriage return, and in particular for the DDE syntax cmd| followed by ! that the known payload uses.
A cell does not have to be at the start of a line: in an export the vendor name is usually preceded by other columns, so a pattern anchored only at line start will miss it, and the cell is often wrapped in double quotes. Negative numbers also begin with '-', so a purely character-based rule produces false positives and hits should be reviewed by hand.
Because the payload can only be planted by an authenticated user during vendor creation, also review the vendor table, or the vendor-creation audit log if one is enabled, for names matching the same characters, and alert on new vendor records that match.
The resources for this CVE list no specific commands, but the following GNU grep searches cover the common cases (adjust the path to where exports are stored; the first matches a formula trigger at line start or after a comma, optionally quoted, and the second matches the DDE command syntax literally):
- grep -rnE '(^|,)"?[=+@-]' /path/to/exported/csv/files
- grep -rnF 'cmd|' /path/to/exported/csv/files
What immediate steps should I take to mitigate this vulnerability?
Apply the fix or update from the ERPGo SaaS vendor as soon as one is available, since that is the only change that removes the injection point.
Until then, limit vendor creation and editing to trusted accounts, because the payload can only be planted by an authenticated user.
Neutralize formula triggers on output, not only on input: when generating CSV, prefix any cell that begins with '=', '+', '-', '@', tab or carriage return with a single quote so the spreadsheet stores it as text, and double-quote the field. Rejecting or escaping these characters at vendor creation is worthwhile, but it does not cover records already stored or other free-text fields that reach the same export.
Treat exported CSV files as untrusted: inspect them in a text editor before opening them in a spreadsheet, keep Excel's DDE server launch disabled (Trust Center, External Content), and decline any prompt to update links or start an application.
Review existing vendor names for formula-like values and audit vendor-creation activity for the patterns above.
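The following is an added example, not ERPGo SaaS code, that implements both the detection described under the question about detecting the vulnerability and the output-side neutralization described in the mitigation steps above. It parses exports with Python's csv module so that quoted cells and cells that are not at the start of a line are handled, treats signed numbers as benign, and scans every column rather than only the vendor name. The sample export and the column names (id, vendor_name, balance) are constructed for illustration; the payload is the one quoted on this page.

```python
"""Find and defuse spreadsheet-formula injection in CSV exports.

Added example for this advisory; it is not ERPGo SaaS code. The sample
export is constructed and the payload is the one quoted on this page.
"""
import csv
import io

# First characters that Excel and LibreOffice treat as the start of a
# formula. Tab and carriage return are included because some importers
# strip them and then evaluate what follows.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export: a benign vendor, the DDE payload from the
# advisory in a quoted cell that is not at line start, a negative number
# that a naive '-' rule would misflag, and a second payload using '@'.
SAMPLE_EXPORT = (
    "id,vendor_name,balance\n"
    "1,Acme Supplies,120.50\n"
    "2,\"=10+20+cmd|' /C calc'!A0\",0\n"
    "3,Globex,-45.00\n"
    "4,\"@SUM(1+1)*cmd|' /C calc'!A0\",7\n"
)


def looks_like_formula(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than show it."""
    if not cell or cell[0] not in FORMULA_TRIGGERS:
        return False
    # Plain signed numbers such as -45.00 or +7 are not formulas.
    try:
        float(cell)
    except ValueError:
        return True
    return False


def find_injected_cells(csv_text: str):
    """Scan a CSV export and return (line_no, column, cell) for every
    formula-like cell. The csv module is used so quoted cells and cells
    that are not at the start of the line are handled correctly, which a
    line-anchored grep is not."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    hits = []
    for line_no, row in enumerate(reader, start=2):  # header is line 1
        for column, cell in zip(header, row):
            if looks_like_formula(cell):
                hits.append((line_no, column, cell))
    return hits


def neutralize_cell(cell: str) -> str:
    """Defuse a formula-like cell for export by prefixing a single quote,
    which makes spreadsheets store it as text. Numbers are left alone."""
    return "'" + cell if looks_like_formula(cell) else cell


def sanitize_export(csv_text: str) -> str:
    """Rewrite a CSV export with every formula-like cell neutralized.
    csv.writer doubles embedded quotes and quotes fields as needed."""
    reader = csv.reader(io.StringIO(csv_text))
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in reader:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()


if __name__ == "__main__":
    for line_no, column, cell in find_injected_cells(SAMPLE_EXPORT):
        print(f"line {line_no}, column {column}: {cell!r}")
    print(sanitize_export(SAMPLE_EXPORT), end="")
```

Run against the sample, the scanner reports lines 3 and 5 of the vendor_name column and leaves the negative balance alone; the sanitized export contains no cell the scanner flags. The single-quote prefix is the neutralization OWASP recommends for CSV injection; it is applied in the export path so that records planted before the fix are covered too.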