Jump to content


[FG-VD-19-088] LiveZilla Server is vulnerable to CSV Injection

csv injection export bug security

4 replies to this topic

#1 tsug0d_

    Member

  • Members
  • PipPip
  • 16 posts

Posted 25 June 2019 - 09:07 AM

Vulnerability Notification
June 25, 2019
Tracking Case #: FG-VD-19-088
Fortinet's FortiGuard Labs have discovered a security issue in your LiveZilla Server product. We estimate its risk to 3, on a scale of 1 (lowest) to 5 (highest), in terms of its impact. Please advise of the appropriate contact person in your company to handle this issue.
Fortinet's research remains ethical at all times, and we therefore strive to Responsible Disclosure. Fortinet vulnerability disclosure policy can be found at https://fortiguard.c...ble-disclosure

Please find a details report in attachment.

Attached Files



#2 Patrick Keil

    Administrator

  • Administrators
  • 3830 posts
  • LocationSingen, Germany

Posted 25 June 2019 - 09:48 AM

Hi,

Thanks for bringing this to our attention.

I can confirm this issue. A fix will be included in our todays update 8.0.1.1.

Thanks again.

#3 tsug0d_

    Member

  • Members
  • PipPip
  • 16 posts

Posted 25 June 2019 - 10:02 AM

That's all I found :)

#4 Patrick Keil

    Administrator

  • Administrators
  • 3830 posts
  • LocationSingen, Germany

Posted 25 June 2019 - 10:27 AM

Perfect, time to release.

Thanks again.

#5 tsug0d_

    Member

  • Members
  • PipPip
  • 16 posts

Posted 25 June 2019 - 02:07 PM


Thanks for fast response & fix timeline, update cve id: CVE-2019-12961






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users