Testing confidential data
Batman Security Risks: With the successful exploitation of this vulnerability, a malicious user can execute arbitrary system command, depending on user privilege, such as creating the backdoor user, remote code execution, deleting the entire file directory etc. in the victim machine by embedding the content in CSV file. Technical Description: CSV Injection, also known as Formula Injection vulnerability, arises when untrusted input is embedded directly to comma-separated-values (CSV) files as data for subsequent import into a spreadsheet. Such input can be maliciously crafted to break the data/code barrier in spreadsheet software and result in unintended command and program execution. Steps to Reproduce With POC: 1. Navigate to the URL: https://staging2.alphalearn.com/ Open URL and now append.