THREAT OPS › Threat News › [GHSA] GHSA-2p5x-4jr6-x5jg (high) — FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export
[GHSA] GHSA-2p5x-4jr6-x5jg (high) — FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export
GHSA-2p5x-4jr6-x5jg Severity: high CVE: CVE-2026-45263
FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export
## Summary
> **Live PoC verified 2026-04-30** against a stock FacturaScripts master at `127.0.0.1:8081`. A low-privilege user (`lowpriv`) created a customer with `nombre = "=SUM(1+1)*cmd|/c cal
MITRE ATT&CK techniques
- Dynamic Data ExchangeT1559.002
Indicators of compromise
- CVE-2026-45263cve
- http://127.0.0.1:8081/loginurl
- http://127.0.0.1:8081/EditClienteurl
- http://127.0.0.1:8081/ListCliente?action=export&option=CSVurl
- https://attacker/?p=url
Original source: https://github.com/advisories/GHSA-2p5x-4jr6-x5jg