Unrated severityNVD Advisory· Published Nov 12, 2024· Updated Nov 19, 2024
CVE-2024-51094
CVE-2024-51094
Description
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Snipe-IT/Snipe-ITdescription
- Range: =7.0.13 build 15514
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.