Lucene search
+L

710 matches found

CNVD
CNVD
added 2020/11/23 12:0 a.m.4 views

Netskope Injection Vulnerability

Netskope is a threat protection gateway for cloud environments from US-based Netskope. An injection vulnerability exists in Netskope version 75.0, which stems from a CSV injection vulnerability that can be exploited by an attacker to inject a malicious payload into an administrator's portal,...

9.3CVSS7.3AI score0.01117EPSS
Exploits1References1
CNNVD
CNNVD
added 2020/11/18 12:0 a.m.10 views

SuiteCRM 安全漏洞

SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...

7.8CVSS7.1AI score0.00784EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/10 12:0 a.m.4 views

IBM FileNet Content Manager CSV Injection Vulnerability

IBM FileNet Content Manager is a comprehensive enterprise content management ECM solution that uniquely combines content management with out-of-the-box workflow processes to help organizations manage complex documents and control, share and quickly access critical business information. A CSV...

9.3CVSS7.8AI score0.01984EPSS
Exploits0References1
OSV
OSV
added 2020/11/09 9:15 p.m.4 views

CVE-2020-4759

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...

7.8CVSS7.3AI score0.01984EPSS
Exploits0References2
OSV
OSV
added 2020/11/05 4:15 p.m.6 views

CVE-2020-25398

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality...

8.8CVSS7.3AI score0.01978EPSS
Exploits1References1
OSV
OSV
added 2020/11/04 5:15 p.m.9 views

CVE-2020-22275

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...

8.8CVSS7.3AI score0.02144EPSS
Exploits1References3
OSV
OSV
added 2020/11/04 5:15 p.m.4 views

UBUNTU-CVE-2020-22278

DISPUTED phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."...

8.8CVSS7.3AI score0.01507EPSS
Exploits1References4
OSV
OSV
added 2020/11/02 9:15 p.m.14 views

CVE-2020-27358

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...

4.3CVSS5.9AI score0.02031EPSS
Exploits1References3
CNVD
CNVD
added 2020/10/21 12:0 a.m.3 views

Anuko Time Tracker Injection Vulnerability

Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. A security vulnerability exists in versions prior to Anuko Time Tracker 1.19.23.5325, which stems from a failure to properly filter user input...

8.7CVSS6.8AI score0.03504EPSS
Exploits3References1
OSV
OSV
added 2020/10/12 2:15 p.m.5 views

CVE-2020-4689

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...

6.8CVSS6.9AI score0.02352EPSS
Exploits0References2
OSV
OSV
added 2020/10/12 2:15 p.m.4 views

CVE-2020-4302

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...

7.8CVSS6.7AI score0.01735EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/23 12:0 a.m.4 views

Ozeki NG SMS Gateway CSV Injection Vulnerability

Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A CSV injection vulnerability exists in the "Contact Export" feature in Ozeki NG SMS Gateway 4.17.6 and earlier versions. The vulnerability can be exploited to run commands on the victim computer on behalf of the...

9.3CVSS7.4AI score0.01732EPSS
Exploits1References1
OSV
OSV
added 2020/09/11 1:15 p.m.4 views

CVE-2020-16214

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadshee...

5CVSS5.7AI score0.00591EPSS
Exploits0References2
OSV
OSV
added 2020/08/29 8:15 p.m.4 views

CVE-2020-24898

The Table Filter and Charts for Confluence Server app before 5.3.26 for Atlassian Confluence allows SSRF via the "Table from CSV" macro URL parameter...

6.5CVSS6.6AI score0.00665EPSS
Exploits0References1
OSV
OSV
added 2020/08/20 1:17 a.m.4 views

CVE-2020-13826

A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...

8.8CVSS7.5AI score0.01499EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/08/06 2:34 p.m.7 views

CloudForms: CSV Injection in Orchestration Templates

A flaw was found in Orchestration Template of Red Hat CloudForms where a low privilege user could enter crafted CSV formulae. Successful exploitation will allow an attacker to execute arbitrary code with the privilege of currently logged in user of the system causing serious damage to the victim’...

6.3CVSS6.1AI score0.00701EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/22 12:0 a.m.1 views

Mattermost Server Injection Vulnerability (CNVD-2020-52026)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, prior to 4.0.4, and prior to 3.10.3. The vulnerability can be exploited by an attacker to perform CSV injection via a...

9.8CVSS7.1AI score0.01285EPSS
Exploits0References1
OSV
OSV
added 2020/05/18 7:15 p.m.5 views

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...

8.8CVSS7.3AI score0.0109EPSS
Exploits1References1
CNVD
CNVD
added 2020/05/14 12:0 a.m.6 views

TYPO3 Direct Mail Component Information Disclosure Vulnerability (CNVD-2020-28942)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the Direct Mail component of TYPO3 5.2.3 and prior versions, which originates from the program's inability to check whether an authenticated back-end user...

4.3CVSS6.5AI score0.00778EPSS
Exploits0References1
OSV
OSV
added 2020/03/04 7:15 p.m.7 views

CVE-2020-9372

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input in fields such as Description or Name in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabcappointments.php. The attacker could achieve...

7.8CVSS7.6AI score0.08612EPSS
Exploits5References4
Rows per page
Query Builder