Moodle formula injection vulnerability

A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

UBUNTU-CVE-2025-67851

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

CVE-2025-67851 Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

CVE-2025-62417

Bagisto (open-source Laravel eCommerce platform) is affected by CVE-2025-62417 due to improper handling of leading spreadsheet formula characters (e.g., =, +, -, @) in CSV data, allowing formulas to be interpreted when a CSV is opened in spreadsheet software. This leads to potential data exfiltra...