Medium severity5.5NVD Advisory· Published Jan 23, 2018· Updated Jun 17, 2026
CVE-2017-18049
CVE-2017-18049
Description
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
silverstripe/frameworkPackagist | < 3.5.6 | 3.5.6 |
silverstripe/frameworkPackagist | >= 3.6.0, < 3.6.3 | 3.6.3 |
silverstripe/frameworkPackagist | >= 4.0.0, < 4.0.1 | 4.0.1 |
Affected products
1Patches
Vulnerability mechanics
References
5- www.exploit-db.com/exploits/43396/nvdExploitThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-2jvj-mhf2-g99wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-18049ghsaADVISORY
- www.silverstripe.org/download/security-releases/ss-2017-007nvdVendor AdvisoryWEB
- www.exploit-db.com/exploits/43396ghsaWEB
News mentions
0No linked articles in our index yet.