CVE-2022-26867
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-26867
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1236
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dell EMC PowerStore 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dell EMC PowerStore是美国戴尔(Dell)公司的一款存储设备。 Dell EMC PowerStore v2.1.1.0版本存在安全漏洞,该漏洞源于数据按原样获取,无需任何验证或消毒。攻击者利用该漏洞可以注入有效载荷。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dell | PowerStore | unspecified ~ PowerStore SW v2.1.1.0 | - |
II. Public POCs for CVE-2022-26867
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-26867
请登录查看更多情报信息。
- https://www.dell.com/support/kbdoc/000196367x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-26867
Same Patch Batch · Dell · 2022-06-02 · 8 CVEs total
| CVE-2022-26869 | 9.8 CRITICAL | Dell EMC PowerStore 安全漏洞 |
| CVE-2022-29084 | 8.1 HIGH | 多款Dell产品安全漏洞 |
| CVE-2022-22557 | 7.5 HIGH | Dell EMC PowerStore 授权问题漏洞 |
| CVE-2022-29085 | 6.4 MEDIUM | 多款Dell产品安全漏洞 |
| CVE-2022-26868 | 6.4 MEDIUM | Dell EMC PowerStore 操作系统命令注入漏洞 |
| CVE-2022-26866 | 5.5 MEDIUM | Dell EMC PowerStore 跨站脚本漏洞 |
| CVE-2022-22556 | 3.7 LOW | Dell EMC PowerStore 资源管理错误漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-1236
- CVE-2026-42267
Kimai: Formula Injection via tag names in XLSX export - CVE-2026-27644
traccar allows CSV formula injection via exported position d - CVE-2023-54348
ERPGo SaaS 3.9 CSV Injection via Vendor Creation - CVE-2026-39424
MaxKB has CSV Injection in its Application Chat Export Funct - CVE-2026-24447
Movable Type 安全漏洞
V. Comments for CVE-2022-26867
No comments yet