710 matches found
Netskope Injection Vulnerability
Netskope is a threat protection gateway for cloud environments from US-based Netskope. An injection vulnerability exists in Netskope version 75.0, which stems from a CSV injection vulnerability that can be exploited by an attacker to inject a malicious payload into an administrator's portal,...
SuiteCRM 安全漏洞
SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...
IBM FileNet Content Manager CSV Injection Vulnerability
IBM FileNet Content Manager is a comprehensive enterprise content management ECM solution that uniquely combines content management with out-of-the-box workflow processes to help organizations manage complex documents and control, share and quickly access critical business information. A CSV...
CVE-2020-4759
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736...
CVE-2020-25398
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
UBUNTU-CVE-2020-22278
DISPUTED phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."...
CVE-2020-27358
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...
Anuko Time Tracker Injection Vulnerability
Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. A security vulnerability exists in versions prior to Anuko Time Tracker 1.19.23.5325, which stems from a failure to properly filter user input...
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4302
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID:...
Ozeki NG SMS Gateway CSV Injection Vulnerability
Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A CSV injection vulnerability exists in the "Contact Export" feature in Ozeki NG SMS Gateway 4.17.6 and earlier versions. The vulnerability can be exploited to run commands on the victim computer on behalf of the...
CVE-2020-16214
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadshee...
CVE-2020-24898
The Table Filter and Charts for Confluence Server app before 5.3.26 for Atlassian Confluence allows SSRF via the "Table from CSV" macro URL parameter...
CVE-2020-13826
A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...
CloudForms: CSV Injection in Orchestration Templates
A flaw was found in Orchestration Template of Red Hat CloudForms where a low privilege user could enter crafted CSV formulae. Successful exploitation will allow an attacker to execute arbitrary code with the privilege of currently logged in user of the system causing serious damage to the victim’...
Mattermost Server Injection Vulnerability (CNVD-2020-52026)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, prior to 4.0.4, and prior to 3.10.3. The vulnerability can be exploited by an attacker to perform CSV injection via a...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...
TYPO3 Direct Mail Component Information Disclosure Vulnerability (CNVD-2020-28942)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the Direct Mail component of TYPO3 5.2.3 and prior versions, which originates from the program's inability to check whether an authenticated back-end user...
CVE-2020-9372
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input in fields such as Description or Name in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabcappointments.php. The attacker could achieve...