An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Recon-ng | Recon-ng_project | * | 4.9.5 (excluding) |
| Recon-ng | Ubuntu | bionic | * |
| Recon-ng | Ubuntu | cosmic | * |
| Recon-ng | Ubuntu | eoan | * |
| Recon-ng | Ubuntu | groovy | * |
| Recon-ng | Ubuntu | hirsute | * |
| Recon-ng | Ubuntu | impish | * |
| Recon-ng | Ubuntu | kinetic | * |
| Recon-ng | Ubuntu | upstream | * |