{"vulnerability": "cve-2024-9102", "sightings": [{"uuid": "2cf78676-5345-4d05-a47c-a156e1ad0613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9102", "type": "seen", "source": "https://t.me/cvedetector/13330", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-9102 - Apache phpLDAPadmin CSV Formula Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-9102 \nPublished : Dec. 19, 2024, 2:15 p.m. | 22\u00a0minutes ago \nDescription : phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T15:39:20.000000Z"}, {"uuid": "0fbcf5c2-7761-44b2-b6c5-dca823cfb984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9102", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldo2p47vkt2a", "content": "", "creation_timestamp": "2024-12-19T14:15:39.686729Z"}, {"uuid": "e807d45d-fe14-432e-9776-8372306140b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9102", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113679798779790200", "content": "", "creation_timestamp": "2024-12-19T13:47:50.719513Z"}, {"uuid": "8b43dc04-6ed8-4916-a346-b3dd8b1969b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9102", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12012", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-9102\n\ud83d\udd25 CVSS Score: 5 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:L)\n\ud83d\udd39 Description: phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: This vulnerability will not be addressed, the maintainer's position is that it is not the intention of phpLDAPadmin to control what data Administrators can put in their LDAP database, nor filter it on export.\n\ud83d\udccf Published: 2024-12-19T13:41:24.263Z\n\ud83d\udccf Modified: 2025-04-16T11:41:48.766Z\n\ud83d\udd17 References:\n1. https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/\n2. https://github.com/leenooks/phpLDAPadmin/commit/ea17aadef46fd29850160987fe7740ceed1381ad#diff-93b9f3e6d4c5bdacf469ea0ec74c1e9217ca6272da9be5a1bfd711f7da16f9e3R240\n3. https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.0\n4. https://github.com/leenooks/phpLDAPadmin/issues/274#issuecomment-2586859072", "creation_timestamp": "2025-04-16T11:56:51.000000Z"}]}