CVE-2021-47901

Medium CVSS: 5.1

Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.

Vendor

Product

CWE

CWE-1236

Yayın Tarihi

2026-01-27 16:16:13

Güncelleme

2026-01-29 16:31:35

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1236 MEDIUM 2026

Referanslar

https://github.com/maurosoria/dirsearch https://www.exploit-db.com/exploits/49370 https://www.vulncheck.com/advisories/dirsearch-csv-injection