CVE-2023-48709
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-48709
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48709.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-48709
- Aliases
-
- GHSA-9q3x-9987-53x9
- Published
- 2024-04-15T17:43:05Z
- Modified
- 2025-11-04T20:16:19.213822Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- iTop vulnerable to potential formula injection in Excel/CSV export file
- Details
-
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0.
- Database specific
{ "cwe_ids": [ "CWE-1236", "CWE-74" ] }- References
Affected packages
Git / github.com/combodo/itop
Affected ranges
- Type
- GIT
- Repo
- https://github.com/combodo/itop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.7.9" } ] }
Affected versions
1.*
1.0.8
2.*
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.0-a
2.6.0-products
2.6.1
2.6.2
2.6.2-1
2.6.2-2
2.6.3
2.6.4
2.7.0
2.7.0-1
2.7.0-2
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
2.7.0-rc
2.7.0-rc2
2.7.1
2.7.10
2.7.2
2.7.2-1
2.7.3
2.7.3-1
2.7.3-2
2.7.4
2.7.5
2.7.5-1
2.7.5-2
2.7.6
2.7.7
2.7.8
2.7.9
3.*
3.0.0
3.0.1
3.0.1-designer-feature-lot1
3.0.1-designer-feature-lot2
3.0.2
3.0.2-1
3.0.2-rc1
3.0.3
3.0.3-1
3.0.3-designer-php8.0-compatibility
3.1.0
3.1.0-1
3.1.0-2
3.1.0-3
3.1.0-designer-2
Other
N1963
N2011
N2016
N941
N941-2
itop-carbon