1931 matches found
CSV Injection
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to CSV Injection via the users data export feature. An attacker can execute arbitrary commands on the system by injecting malicious formulas into the profi...
CVE-2023-53913
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53913
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53929
Summary: CVE-2023-53929 affects phpMyFAQ 3.1.12. The vulnerability arises in the user data export workflow: an authenticated user can place CSV-injection payloads (e.g., calc|a!z|) in their profile name, which can trigger code execution when an administrator exports user data as CSV. Affected sof...
CVE-2023-53905
CVE-2023-53905 affects ProjectSend r1605 and describes a CSV injection vulnerability where authenticated users can inject malicious formulas into user profile names. The vulnerability can trigger code execution when administrators export action logs to CSV files, with an example payload such as =...
CVE-2025-14229
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...
CVE-2025-14229 SourceCodester Inventory Management System SVC Report Export csv injection
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...
PT-2025-49546
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...
SourceCodester Inventory Management System 安全漏洞
SourceCodester Inventory Management System is a SourceCodester open source inventory management system. A security vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from a CSV injection vulnerability in the SVC report export component...
CSV Injection
Overview org.webjars.npm:json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can...
CSV Injection
Overview json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas in...
VulnCheck KEV: CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-13133
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into export...
CVE-2025-13133
The CVE-2025-13133 entry concerns the WordPress plugin Simple User Import Export (versions
PT-2025-47286
Name of the Vulnerable Software and Affected Versions Simple User Import Export plugin for WordPress versions up to and including 1.1.7 Description The Simple User Import Export plugin for WordPress is susceptible to CSV Injection through the 'Import/export users' function. This allows...
WordPress Simple User Import Export plugin <= 1.1.7 - Authenticated (Admin+) CSV Injection vulnerability
Authenticated Admin+ CSV Injection vulnerability discovered by Ivan Cese in WordPress Plugin Simple User Import Export versions = 1.1.7...
CVE-2025-12249
CVE-2025-12249 affects Axosoft Scrum and Bug Tracking 22.1.1.11545. The vulnerability lies in the Edit Ticket Page component where manipulating the Title argument enables CSV injection. Exploitation can be remote and the exploit is publicly available. Vendor has not responded. No public informati...
Axosoft Scrum and Bug Tracking 安全漏洞
Axosoft Scrum and Bug Tracking is an Agile project management and defect tracking software from Axosoft Corporation, USA. A security vulnerability exists in Axosoft Scrum and Bug Tracking version 22.1.1.11545, which stems from an incorrect manipulation of the parameter Title in the component Edit...
Debian dla-4349 : request-tracker4 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4349 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4349-1 [email protected] https://www.debian.org/lts/security/...