CVE-2019-25727

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

CVE-2025-52612

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters...

PT-2026-46187

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters...

CVE-2026-10248 SourceCodester Pharmacy Sales and Inventory System Supplier Creation export create_supplier csv injection

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function createsupplier of the file /Exportcsv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

EUVD-2025-31402

Malicious code in bioql PyPI...

EUVD-2022-33657

Malicious code in bioql PyPI...

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-10002

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the exportcsv function in all versions up to, and including, 2.5.0 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-10002

CVE-2025-10002 affects the ClickWhale – Link Manager, Link Shortener and Click Tracker for WordPress plugin. Versions up to and including 2.5.0 are vulnerable to SQL Injection in export_csv() due to insufficient escaping and lack of proper query preparation, enabling authenticated Administrators ...

PT-2025-38628

Name of the Vulnerable Software and Affected Versions ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1 Description The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...

CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...

CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...

Apache Ranger Improper Neutralization of Formula Elements vulnerability

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...

CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...

PT-2024-21649 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta, and tests-passed versions Description: The issue affects the endpoints for suspending users, silencing users, and exporting CSV files, which do not enforce limits on the sizes of the...

CVE-2022-3603 Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

WP-CRM <= 1.2.1 - CSV Injection

The plugin does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. 1. Add new person and put the following CSV calculator payload into the Display Name, Phone Number and Description field and save the entry. payload : =cmd|' /C calc'!'A...

CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...

CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...