CVE-2018-25135

Description

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like Name, Gender, or Position to trigger Excel macro execution when importing user data.