7 matches found
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering characters. An attacker can cause...
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept...
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept the...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
Sql injection
Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
PT-2021-23599 · Imagicle · Imagicle Application Suite
Name of the Vulnerable Software and Affected Versions: Imagicle Application Suite for Cisco UC versions prior to 2021.Summer.2 Description: The issue allows SQL injection, where a low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...