CVE-2022-1544

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/luyadev/yii-helpers

Identifiers

GHSA-f9p3-h6cg-2cjr, CVE-2022-1544

Package Slug

packagist/luyadev/yii-helpers

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

Formula injection (CSV injection) due to improper neutralization of formula elements in a CSV file in the GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained confidential data.
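
An added example, not code from luyadev/yii-helpers or its 1.2.1 fix: one common way to neutralize formula elements when exporting untrusted values to CSV is to prefix any cell that starts with a formula-trigger character with a single quote, so a spreadsheet displays it as text. The function names `neutralizeCell` and `exportCsv` and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Leading characters that make a spreadsheet application evaluate a cell
// as a formula instead of displaying it as text.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

/**
 * Return the cell in a form a spreadsheet displays rather than evaluates.
 * Caveat: negative numbers such as "-12.50" are also prefixed and become
 * text; handle numeric columns separately if they must stay numeric.
 */
function neutralizeCell(string $cell): string
{
    if ($cell !== '' && in_array($cell[0], FORMULA_TRIGGERS, true)) {
        return "'" . $cell;
    }
    return $cell;
}

/**
 * Build CSV text from rows, neutralizing every cell before it is written.
 * fputcsv() takes care of quoting delimiters and embedded double quotes.
 */
function exportCsv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        $safe = array_map(
            static fn ($cell): string => neutralizeCell((string) $cell),
            $row
        );
        fputcsv($out, $safe, ',', '"', '\\');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample rows; the second row carries formula-like user input.
$rows = [
    ['name', 'comment', 'balance'],
    ['alice', '=SUM(A1:A2)', '-12.50'],
    ['bob', 'plain text', '42'],
];

echo exportCsv($rows);
```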

Affected Versions

All versions before 1.2.1

Solution

Upgrade to version 1.2.1 or above.

Last Modified

2022-05-04
