CVE-2025-9241— elunez eladmin exportUser csv injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-9241
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
elunez eladmin exportUser csv injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1236
Source: NVD (National Vulnerability Database)
Vulnerability Title
ELADMIN 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ELADMIN是elunez个人开发者的一个后台管理系统。 ELADMIN 2.7及之前版本存在安全漏洞,该漏洞源于exportUser函数未对导出 CSV 内容做转义过滤,导致远程攻击者可注入恶意 CSV 载荷。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-9241
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-9241
请登录查看更多情报信息。
Same Patch Batch · elunez · 2025-08-20 · 3 CVEs total
| CVE-2025-9240 | 4.3 MEDIUM | elunez eladmin info information disclosure |
| CVE-2025-9239 | 3.7 LOW | elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption |
IV. Related Vulnerabilities
Same product: eladmin
- CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac - CVE-2025-10084
elunez eladmin SysLogController 1 queryErrorLogDetail improp - CVE-2025-10014
elunez eladmin Email Address updateEmail updateUserEmail imp - CVE-2025-9937
elunez eladmin LocalStorageController deleteFile improper au - CVE-2025-9240
elunez eladmin info information disclosure
Same vendor: elunez
- CVE-2025-10084
elunez eladmin SysLogController 1 queryErrorLogDetail improp - CVE-2025-10014
elunez eladmin Email Address updateEmail updateUserEmail imp - CVE-2025-9937
elunez eladmin LocalStorageController deleteFile improper au - CVE-2025-9240
elunez eladmin info information disclosure - CVE-2025-9239
elunez eladmin DES Key EncryptUtils.java EncryptUtils inadeq
Same weakness: CWE-1236
- CVE-2026-42267
Kimai: Formula Injection via tag names in XLSX export - CVE-2026-27644
traccar allows CSV formula injection via exported position d - CVE-2023-54348
ERPGo SaaS 3.9 CSV Injection via Vendor Creation - CVE-2026-39424
MaxKB has CSV Injection in its Application Chat Export Funct - CVE-2026-24447
Movable Type 安全漏洞
V. Comments for CVE-2025-9241
No comments yet