Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-44830 PoC — Event Registration App 安全漏洞

Source
https://github.com/RashidKhanPathan/CVE-2022-44830
Associated Vulnerability
Title:Event Registration App 安全漏洞 (CVE-2022-44830)
Description:Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.
Readme
> [Suggested description]
> Sourcecodester Event Registration App v1.0 was discovered to contain
> multiple CSV injection vulnerabilities via the First Name, Contact and
> Remarks fields. These vulnerabilities allow attackers to execute
> arbitrary code via a crafted excel file.
>
> ------------------------------------------
>
> [Additional Information]
> Proof of Concept: https://drive.google.com/file/d/17rSb8GLFPQfqnVFI56AYffbVMDg8z75t/view?usp=sharing
> Vendor Homepage: https://www.sourcecodester.com/javascript/15214/event-registration-app-export-csv-javascript-free-source-code.html
> Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/registration.zip
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> CSV Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Sourcecodester
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Event Registration App with Export to CSV in JavaScript - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Source Code
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> in order to exploit this Vulnerability, the attacker need to insert an Excel Formula into the First Name, Contact, and Remarks fields, then click on Save then Click on Export to CSV and then click on Downloaded CSV in Excel once attacker open the Downloaded CSV File in Excel the Payload will Execute
>
> ------------------------------------------
>
> [Reference]
> https://drive.google.com/file/d/17rSb8GLFPQfqnVFI56AYffbVMDg8z75t/view?usp=sharing
> https://www.sourcecodester.com/javascript/15214/event-registration-app-export-csv-javascript-free-source-code.html
> https://www.sourcecodester.com/sites/default/files/download/oretnom23/registration.zip
>
> ------------------------------------------
>
> [Discoverer]
> RashidKhan Pathan

Use CVE-2022-44830.
File Snapshot

 [4.0K]  /data/pocs/638e9806722329d4669a9f2e3383bcf7cec82d7a
└── [2.0K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →