Lucene search
K

1931 matches found

Snyk
Snyk
added 2025/12/17 11:42 p.m.6 views

CSV Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to CSV Injection via the users data export feature. An attacker can execute arbitrary commands on the system by injecting malicious formulas into the profi...

8.8CVSS7.7AI score0.00442EPSS
Exploits1References2
NVD
NVD
added 2025/12/17 11:15 p.m.4 views

CVE-2023-53913

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...

8.8CVSS0.00616EPSS
Exploits1References3
OSV
OSV
added 2025/12/17 11:15 p.m.6 views

CVE-2023-53913

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...

6.2CVSS6.2AI score
Exploits0References3
CVE
CVE
added 2025/12/17 10:44 p.m.12 views

CVE-2023-53929

Summary: CVE-2023-53929 affects phpMyFAQ 3.1.12. The vulnerability arises in the user data export workflow: an authenticated user can place CSV-injection payloads (e.g., calc|a!z|) in their profile name, which can trigger code execution when an administrator exports user data as CSV. Affected sof...

8.8CVSS7.3AI score0.00442EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/12/17 10:44 p.m.11 views

CVE-2023-53905

CVE-2023-53905 affects ProjectSend r1605 and describes a CSV injection vulnerability where authenticated users can inject malicious formulas into user profile names. The vulnerability can trigger code execution when administrators export action logs to CSV files, with an example payload such as =...

8CVSS7.3AI score0.00412EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/08 11:15 a.m.8 views

CVE-2025-14229

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

8CVSS5.5AI score0.00299EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/08 11:2 a.m.34 views

CVE-2025-14229 SourceCodester Inventory Management System SVC Report Export csv injection

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

5.8CVSS0.00299EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.5 views

PT-2025-49546

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

5.8CVSS6.9AI score0.00299EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.6 views

SourceCodester Inventory Management System 安全漏洞

SourceCodester Inventory Management System is a SourceCodester open source inventory management system. A security vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from a CSV injection vulnerability in the SVC report export component...

8CVSS5.3AI score0.00299EPSS
Exploits1References5
Snyk
Snyk
added 2025/12/06 1:4 a.m.7 views

CSV Injection

Overview org.webjars.npm:json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can...

7CVSS5.9AI score0.00166EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/06 1:4 a.m.10 views

CSV Injection

Overview json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas in...

7CVSS5.9AI score0.00166EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/12/01 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

9.8CVSS5.9AI score0.0269EPSS
In wildExploits1References27
OSV
OSV
added 2025/11/28 3:16 p.m.5 views

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

7.5CVSS5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.3 views

CVE-2025-13133

The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into export...

6.6CVSS6.7AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 9:27 a.m.18 views

CVE-2025-13133

The CVE-2025-13133 entry concerns the WordPress plugin Simple User Import Export (versions

6.6CVSS6.3AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.5 views

PT-2025-47286

Name of the Vulnerable Software and Affected Versions Simple User Import Export plugin for WordPress versions up to and including 1.1.7 Description The Simple User Import Export plugin for WordPress is susceptible to CSV Injection through the 'Import/export users' function. This allows...

6.6CVSS6.4AI score0.00243EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/17 11:55 p.m.6 views

WordPress Simple User Import Export plugin <= 1.1.7 - Authenticated (Admin+) CSV Injection vulnerability

Authenticated Admin+ CSV Injection vulnerability discovered by Ivan Cese in WordPress Plugin Simple User Import Export versions = 1.1.7...

6.6CVSS7.2AI score0.00243EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/27 8:2 a.m.19 views

CVE-2025-12249

CVE-2025-12249 affects Axosoft Scrum and Bug Tracking 22.1.1.11545. The vulnerability lies in the Edit Ticket Page component where manipulating the Title argument enables CSV injection. Exploitation can be remote and the exploit is publicly available. Vendor has not responded. No public informati...

6.5CVSS6.4AI score0.00264EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.5 views

Axosoft Scrum and Bug Tracking 安全漏洞

Axosoft Scrum and Bug Tracking is an Agile project management and defect tracking software from Axosoft Corporation, USA. A security vulnerability exists in Axosoft Scrum and Bug Tracking version 22.1.1.11545, which stems from an incorrect manipulation of the parameter Title in the component Edit...

6.5CVSS6.6AI score0.00264EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/26 12:0 a.m.6 views

Debian dla-4349 : request-tracker4 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4349 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4349-1 [email protected] https://www.debian.org/lts/security/...

2.6CVSS5.6AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder