20 matches found
CVE-2021-22035
VMware vRealize Log Insight 8.x prior to 8.6 contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...
PT-2025-48337
Name of the Vulnerable Software and Affected Versions: HCL Technologies Ltd. Unica version 12.0.0 Description: A CSV formula injection issue exists in HCL Technologies Ltd. Unica. The issue allows for potential manipulation through crafted CSV files. Recommendations: At the moment, there is no...
CVE-2025-11254
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which c...
EUVD-2025-26200
Malicious code in bioql PyPI...
PT-2025-39874
Name of the Vulnerable Software and Affected Versions: Medical Informatics Engineering Enterprise Health versions prior to 2025-03-14 Description: A CSV injection issue exists that permits a remote, authenticated attacker to inject macros into downloadable CSV files. The issue was resolved on March...
PT-2025-36486
Name of the Vulnerable Software and Affected Versions: Avigilon ACM version 7.10.0.20 Description: A CSV injection vulnerability exists in the /id profiles API endpoint of the software. This allows attackers to execute arbitrary code by supplying a crafted Excel file. Recommendations: As a...
Intelbras InControl Security Vulnerability
Intelbras InControl is an access control management software from Intelbras that allows users to easily manage any ingress and egress traffic using access control devices. A security vulnerability exists in Intelbras InControl version 2.21.60.9 and earlier, which stems from a CSV injection attack...
CVE-2024-3214
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are...
MaxKB Security Vulnerability
MaxKB is an open source knowledge base question-and-answer system from 1Panel-dev, based on a large language model and RAG. A security vulnerability exists in MaxKB 1.10.7 and earlier versions, which stems from a CSV injection in the component Knowledge Base Module...
PHPJabbers Car Park Booking System Security Vulnerability
PHPJabbers Car Park Booking System is a parking lot booking system by PHPJabbers. A security vulnerability exists in PHPJabbers Car Park Booking System version 3.0, which stems from a CSV injection vulnerability...
PT-2023-12954 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Administration of Measurements website section, where a malicious user can edit or add the templateName parameter to include malicious code. This code is then downloaded as a...
PT-2023-20033 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: The issue allows attackers to execute arbitrary code via a crafted Excel file, exploiting a CSV injection vulnerability. This vulnerability is present in the Last Name and First Name input fields when...
Event Registration App Security Vulnerability
Event Registration App is a JavaScript application for registering event participants, by individual developer Carlo Montero. A CSV injection vulnerability exists in Carlo Montero Event Registration App v1.0, which stems from improper use of the formula elements of the First Name, Contact, and Remar...
CVE-2022-38061
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress...
Huawei iManager NetEco Code Injection Vulnerability
Huawei Imanager NetEco is a professional energy infrastructure management platform from Huawei China. Huawei iManager NetEco suffers from a CSV injection vulnerability, which stems from insufficient input validation of certain parameters and can be exploited to inject CSV files into the target...
Akaunting Security Vulnerability
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. A CSV injection vulnerability exists in the project name field of the export function in Akaunting. An attacker can exploit this vulnerability to inject arbitrary code into the name paramete...
Lenovo XClarity Controller CSV Injection Vulnerability
Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo, China, that is used to standardize and automate basic server management tasks. A CSV injection vulnerability exists in Lenovo XClarity Controller. An attacker can exploit this vulnerability to execute arbitrary cod...
CVE-2019-13144
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5...
Injection Vulnerability in Joomla!
Joomla! is an open source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S.-based Open Source Matters team. An injection vulnerability exists in Joomla! An attacker can exploit this vulnerability to conduct CSV injection attacks...
PT-2018-10637 · Woocommerce · Advanced Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Advanced Order Export For WooCommerce versions 1.5.4 and earlier Description: The issue concerns a CSV Injection vulnerability. Recommendations: For versions 1.5.4 and earlier, update to a version later than 1.5.4 to resolve the issue...