CSV Injection Vulnerability in Patient Information Center iX (PICiX) Versions B.02, C.02, C.03

CSV Injection Vulnerability in Patient Information Center iX (PICiX) Versions B.02, C.02, C.03

CVE-2020-16214 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.

Learn more about our User Device Pen Test.