THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-2p5x-4jr6-x5jg (high) — FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export

[GHSA] GHSA-2p5x-4jr6-x5jg (high) — FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export

highgithub_advisoriesPublished 2026-07-14

GHSA-2p5x-4jr6-x5jg Severity: high CVE: CVE-2026-45263

FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export

## Summary

> **Live PoC verified 2026-04-30** against a stock FacturaScripts master at `127.0.0.1:8081`. A low-privilege user (`lowpriv`) created a customer with `nombre = "=SUM(1+1)*cmd|/c cal

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-2p5x-4jr6-x5jg