Filtered by vendor Rajodiya
Subscriptions
Filtered by product Erpgo Saas
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54348 | 1 Rajodiya | 1 Erpgo Saas | 2026-05-06 | 8.8 High |
| ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in spreadsheet applications. | ||||
Page 1 of 1.