This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A CSV Injection flaw in **dirsearch** v0.4.1. When using the `--csv-report` flag, the tool mishandles redirect endpoints.β¦
π¦ **Affected**: **dirsearch** version **0.4.1**. <br>π€ **Vendor**: **Mauro Soria** (Personal Developer). <br>β οΈ **Scope**: Any user running this specific version with the `--csv-report` option is at risk.
Q4What can hackers do? (Privileges/Data)
π» **Attacker Actions**: <br>1οΈβ£ **Code Execution**: Run arbitrary commands via Excel formulas (e.g., `=cmd|' /C calc'!A1`). <br>2οΈβ£ **Data Exfiltration**: Read local files or network resources.β¦
π **Self-Check**: <br>1οΈβ£ Check your dirsearch version: `dirsearch --version`. <br>2οΈβ£ Look for usage of `--csv-report`. <br>3οΈβ£ Inspect generated CSV files for cells starting with `=`, `+`, `-`, or `@`.β¦
π οΈ **Official Fix**: **YES**. <br>π **Patch**: The issue is resolved in versions **post-0.4.1**. <br>β **Mitigation**: Update to the latest version from the [GitHub Repository](https://github.com/maurosoria/dirsearch).β¦
π₯ **Urgency**: **HIGH**. <br>π **Priority**: Patch immediately. <br>π‘ **Reason**: CVSS Score is **High** (9.8+ implied by vector). Easy to exploit, no auth needed, and affects security tools used by professionals.β¦