147 matches found
CVE-2022-1054
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and emai...
WordPress plugin RSVP and Event Management Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress RSVP and Event Management plugin is vulnerable to an access control error that results from...
PT-2025-45364
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.12.6. Description: SuiteCRM’s export functionality has a SQL injection issue due to a failure to sanitize SQL query structure when processing the uid parameter. Successful exploitation could allow a remote,...
GHSA-65HP-4VXR-C356 Arbitrary code execution in Magnolia CMS
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file...
GHSA-3QPG-33WR-533J Improper Restriction of XML External Entity Reference in Magnolia CMS
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file...
CVE-2021-46363
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...
CVE-2021-46365
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...
XXE
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...
Design/Logic Flaw
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...
CVE-2021-46365
CVE-2021-46365 affects Magnolia CMS v6.2.3 and earlier, where the Export function processes crafted XLF files enabling XML External Entity (XXE) attacks. The reported impact is high (CVSS 3.1: High) with local exploitability and potential high confidentiality/integrity/availability impact as per ...
CVE-2021-46363
Magnolia CMS vulnerability CVE-2021-46363 affects Magnolia v6.2.3 and earlier, where the Export function can be abused to trigger Formula Injection via crafted CSV/XLS files, potentially leading to arbitrary code execution when opened in Excel. Impact is associated with local/content-based execu...
CVE-2021-24915
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated users to perform SQL injections...
Ericsson Network Location MPS GMPC21 command injection vulnerability
Ericsson Network Location Mps Gmpc21 is a network mobile positioning system from Ericsson, Sweden. Ericsson Network Location MPS GMPC21 suffers from a command injection vulnerability that arises from the lack of filtering and escaping of SQL statements in the file name query in the export functio...
VMSA-2021-0022: VMware vRealize Log Insight updates address CSV injection vulnerability
Advisory ID: VMSA-2021-0022; CVSSv3 Range: 6.5; Issue Date: 2021-10-12; Updated On: 2021-10-12 (Initial Advisory); CVEs: CVE-2021-22035; Synopsis: VMware vRealize Log Insight updates address CSV injection vulnerability (CVE-2021-22035)
A vulnerability in the libxcb library in operating systems such as ALT Linux, ROSA Linux, and MSVSphere allows attackers to cause service failures.
The vulnerability in the libxcb library in the ALT Linux, ROSA Linux, and MSVSphere operating systems stems from missing validation of input parameters for the exported function xcb_get_property_value_end. Exploiting this vulnerability can allow attackers to cause failures in...
CVE-2020-13589
An exploitable SQL injection vulnerability exists in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. The entitiesid parameter in the 'entities/fields' page mulitpleedit or copyselected or export function is vulnerable to authenticated SQL injection. An attacker can make...