Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection

Impact The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Successful exploitation can lead to impacts such ...

GHSA-MQ3X-QGWX-3RFW Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection

Impact The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Successful exploitation can lead to impacts such ...

CSV Injection

luyadev/yii-helpers is vulnerable to CSV injection. The vulnerability is possible because the library does not properly neutralize the Firstname and the Lastname, which allows an attacker to inject malicious inputs causing several harmful outcomes such as, client-sided command injection, code...

Improper neutralization of formula elements in yii-helpers

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...