11 matches found
CVE-2025-52612
HCL iControl was affected by an Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by insufficient sanitization of input parameters...
CVE-2020-36962 Tendenci 12.3.1 - CSV/ Formula Injection
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
CVE-2021-47901 dirsearch 0.4.1 - CSV Injection
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report...
HCL Unica Security Vulnerability
HCL Unica is an enterprise-level marketing automation and campaign management platform from HCL India. A security vulnerability exists in HCL Unica version 12.0.0 that stems from vulnerability to CSV formula injection attacks...
WordPress plugin Simple User Import Export Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-55745
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...
WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability
Authenticated (Administrator+) CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AnWP Football Leagues versions <= 0.16.17...
CVE-2023-51313
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV fi...
WordPress WS Form LITE plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form LITE versions <= 1.9.217...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server version 11.7 has a CSV injection vulnerability, which stems from its...
Tibco Software TIBCO Administrator SQL Injection Vulnerability
Tibco Software TIBCO Administrator is an application from the American company Tibco Software. It is used to manage users, monitor computers and deploy applications that use TIBCO products. A SQL injection vulnerability exists in TIBCO Software, which can be exploited by an attacker to perform a...