Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Subrion |
Intelliants |
4.2.1 (including) |
4.2.1 (including) |
References