Access Control and Time Attendance Management System. Complying with our self-developed fingerprint, facial, iris, etc. devices, CrossChex Standard integrates intelligent management of time attendance and relevant functions of access control. It has been widely used in many office buildings and factories across the world, continuously serving access control and management requests from many companies with stable performance, accurate calculation, safe management and high intelligence.
CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the 'Name' field when adding a user or using the custom fields 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date' and 'Address'. Upon importing, the application will launch Excel program and execute the malicious macro formula.