CNNVD-202601-4727 Information
CNNVD ID
CNNVD-202601-4727
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Tendenci是美国Tendenci公司的一款主要用于非营利组织和协会的协会管理软件。该软件支持会员管理、内容管理、事件管理和网上捐款管理等功能。 Tendenci 12.3.1版本存在安全漏洞,该漏洞源于联系表单消息字段存在CSV公式注入,可能导致执行任意命令。
Description (English)
Tendenci is an association management software for non-profit organizations and associations in the United States of America. The software supports member management, content management, event management and online contribution management functions. There is a security loophole in version 12.3.1 of Tendencia, which stems from the introduction of CSV formulae in the contact form message field, which may lead to the execution of arbitrary orders.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Tendenci
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/tendenci/tendenci https://www.exploit-db.com/exploits/49145 https://www.tendenci.com/ https://www.vulncheck.com/advisories/tendenci-csv-formula-injection
Patch
https://github.com/tendenci/tendenci/releases
Share on: