Search
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3026 | 1 Wp-users-exporter Project | 1 Wp-users-exporter | 2024-01-11 | N/A | 8.8 HIGH |
| The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2023-31294 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-01-08 | N/A | 7.5 HIGH |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | |||||
| CVE-2023-31295 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-01-08 | N/A | 7.5 HIGH |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | |||||
| CVE-2023-50448 | 1 Activeadmin | 1 Activeadmin | 2024-01-04 | N/A | 6.5 MEDIUM |
| In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | |||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-01-04 | N/A | 5.3 MEDIUM |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | |||||
| CVE-2023-51763 | 1 Activeadmin | 1 Active Admin | 2024-01-03 | N/A | 9.8 CRITICAL |
| csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | |||||
| CVE-2020-16214 | 1 Philips | 1 Patient Information Center Ix | 2023-12-12 | 5.8 MEDIUM | 5.0 MEDIUM |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | |||||
| CVE-2023-48207 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-12-11 | N/A | 8.8 HIGH |
| Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | |||||
| CVE-2023-42004 | 1 Ibm | 1 Security Guardium | 2023-12-04 | N/A | 8.8 HIGH |
| IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | |||||
| CVE-2023-48029 | 1 Corebos | 1 Corebos | 2023-11-25 | N/A | 8.0 HIGH |
| Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | |||||
| CVE-2023-25983 | 1 Liquidweb | 1 Kb Support | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | |||||
| CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2023-11-14 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |||||
| CVE-2023-38843 | 1 Atlos | 1 Atlos | 2023-08-23 | N/A | 8.0 HIGH |
| An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. | |||||
| CVE-2023-37219 | 1 Tadirantele | 1 Aeonix | 2023-08-04 | N/A | 7.8 HIGH |
| Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | |||||
| CVE-2023-4006 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-08-03 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | |||||
| CVE-2022-27858 | 1 Activity Log Project | 1 Activity Log | 2023-08-02 | N/A | 9.8 CRITICAL |
| CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | |||||
| CVE-2022-28864 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 8.8 HIGH |
| An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | |||||
| CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2023-07-28 | N/A | 6.8 MEDIUM |
| A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | |||||
| CVE-2022-1539 | 1 Exports And Reports Project | 1 Exports And Reports | 2022-07-29 | N/A | 8.8 HIGH |
| The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks. | |||||
| CVE-2022-2240 | 1 Emarketdesign | 1 Request A Quote | 2022-07-29 | N/A | 8.8 HIGH |
| The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it | |||||
| CVE-2022-2112 | 1 Inventree | 1 Inventree | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2022-1202 | 1 Usabilitydynamics | 1 Wp-crm | 2022-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | |||||
| CVE-2022-2027 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 8.0 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2020-36531 | 1 Ibm | 1 Sevone Network Performance Management | 2022-06-14 | 6.0 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. | |||||
| CVE-2022-26867 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2022-06-13 | 6.0 MEDIUM | 8.0 HIGH |
| PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. | |||||
| CVE-2022-0142 | 1 Vfbpro | 1 Visual Form Builder | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2021-46363 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-06-05 | 9.3 HIGH | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | |||||
| CVE-2022-1544 | 1 Luya | 1 Yii-helpers | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data. | |||||
| CVE-2022-28481 | 1 Csv-safe Project | 1 Csv-safe | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. | |||||
| CVE-2022-29315 | 1 Invicti | 1 Acunetix | 2022-04-27 | 9.3 HIGH | 8.8 HIGH |
| Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | |||||
| CVE-2021-23286 | 1 Eaton | 1 Intelligent Power Manager | 2022-04-27 | 7.9 HIGH | 8.0 HIGH |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | |||||
| CVE-2022-22689 | 1 Broadcom | 1 Ca Harvest Software Change Manager | 2022-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | |||||
| CVE-2022-22121 | 1 Xgenecloud | 1 Nocodb | 2022-01-19 | 6.0 MEDIUM | 8.0 HIGH |
| In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed. | |||||
| CVE-2020-9372 | 1 Codepeople | 1 Appointment Booking Calendar | 2022-01-01 | 6.8 MEDIUM | 7.8 HIGH |
| The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. | |||||
| CVE-2021-23654 | 1 Html-to-csv Project | 1 Html-to-csv | 2021-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. | |||||
| CVE-2021-41270 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and add the prefix to cells starting by `\t`, `\r` as well as `=`, `+`, `-` and `@`. | |||||
| CVE-2021-41824 | 1 Craftcms | 1 Craft Cms | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Craft CMS before 3.7.14 allows CSV injection. | |||||
| CVE-2021-36334 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 6.0 MEDIUM | 6.8 MEDIUM |
| Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine | |||||
| CVE-2020-15255 | 1 Anuko | 1 Time Tracker | 2021-11-18 | 6.0 MEDIUM | 7.3 HIGH |
| In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325. | |||||
| CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2021-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application. | |||||
| CVE-2021-40848 | 1 Mahara | 1 Mahara | 2021-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection. | |||||
| CVE-2020-36503 | 1 Connections-pro | 1 Connections Business Directory | 2021-11-03 | 6.0 MEDIUM | 8.0 HIGH |
| The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue | |||||
| CVE-2021-37131 | 1 Huawei | 3 Imanager Neteco, Imanager Neteco 6000, Manageone | 2021-10-29 | 6.0 MEDIUM | 6.8 MEDIUM |
| There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
| CVE-2021-38180 | 1 Sap | 1 Business One | 2021-10-19 | 9.3 HIGH | 9.8 CRITICAL |
| SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution. | |||||
| CVE-2021-24016 | 1 Fortinet | 1 Fortimanager | 2021-10-08 | 9.3 HIGH | 6.3 MEDIUM |
| An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. | |||||
| CVE-2021-25960 | 1 Salesagility | 1 Suitecrm | 2021-10-07 | 6.0 MEDIUM | 8.0 HIGH |
| In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure. | |||||
| CVE-2021-25962 | 1 Shuup | 1 Shuup | 2021-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| “Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed. | |||||
| CVE-2021-33256 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-09-21 | 9.3 HIGH | 8.8 HIGH |
| ** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file. Note: The vendor disputes this vulnerability, claiming "This is not a valid vulnerability in our ADSSP product. We don't see this as a security issue at our side." | |||||
| CVE-2021-27020 | 1 Puppet | 1 Puppet Enterprise | 2021-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | |||||
| CVE-2021-37702 | 1 Pimcore | 1 Pimcore | 2021-08-26 | 6.5 MEDIUM | 8.8 HIGH |
| Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. | |||||