Tag
ERPGo SaaS version 3.9 is vulnerable to CSV injection, allowing authenticated attackers to execute arbitrary code by injecting malicious formulas into the vendor name field during vendor creation, which are then executed when the exported CSV file is opened in a spreadsheet application.