Total
213 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2629 | 1 Pimcore | 1 Customer Management Framework | 2023-05-31 | 7.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | ||||
CVE-2023-29918 | 1 Rosariosis | 1 Rosariosis | 2023-05-09 | 5.4 Medium |
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | ||||
CVE-2023-2258 | 1 Alf | 1 Alf | 2023-05-03 | 8.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | ||||
CVE-2023-25348 | 1 Churchcrm | 1 Churchcrm | 2023-04-28 | 7.8 High |
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file. | ||||
CVE-2023-29109 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2023-04-18 | 4.6 Medium |
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. | ||||
CVE-2022-2112 | 1 Inventree Project | 1 Inventree | 2023-02-28 | 8.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | ||||
CVE-2019-11872 | 1 Incsub | 1 Hustle | 2023-02-24 | 8.8 High |
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation gives an attacker the ability to execute malicious code on the administrator's computer through Excel functions, as the plugin does not sanitize the user's input and allows insertion of any text. | ||||
CVE-2019-16120 | 1 Tri | 1 Event Tickets | 2023-02-23 | 8.8 High |
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | ||||
CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2023-01-30 | 8.0 High |
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680. | ||||
CVE-2019-12765 | 1 Joomla | 1 Joomla! | 2023-01-30 | 9.8 Critical |
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. | ||||
CVE-2022-37786 | 1 Wecube-platform Project | 1 Wecube-platform | 2023-01-09 | 6.3 Medium |
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page. | ||||
CVE-2019-4071 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2022-12-09 | 8.8 High |
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063. | ||||
CVE-2022-41675 | 1 Raidenmaild | 1 Raidenmaild | 2022-12-01 | 8.0 High |
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. When other users export the form content as a CSV file, this can trigger arbitrary code execution and allow the attacker to perform arbitrary system operations or disrupt service on the user side. | ||||
CVE-2022-44830 | 1 Event Registration Application Project | 1 Event Registration Application | 2022-11-23 | 7.8 High |
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file. | ||||
CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2022-11-22 | 8.8 High |
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | ||||
CVE-2022-3574 | 1 Wpforms | 1 Wpforms Pro | 2022-11-16 | 9.8 Critical |
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | ||||
CVE-2021-24144 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-14 | 7.8 High |
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. | ||||
CVE-2022-3558 | 1 Codection | 1 Import And Export Users And Customers | 2022-11-10 | 8.0 High |
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. | ||||
CVE-2022-3463 | 1 Fluentforms | 1 Contact Form | 2022-11-09 | 9.8 Critical |
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection. | ||||
CVE-2022-22425 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-11-04 | 9.8 Critical |
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598. |