CVE-2023-3527 (call_management_system)

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software

such as Microsoft Excel.

 

administrative privileges application avaya call cms command csv cve data excel file injection input management may microsoft microsoft excel privileges software spreadsheet system vulnerability web web application