
319 matches found

Cvelist
added 2024/12/16 2:31 p.m., 18 views

CVE-2024-55988 WordPress Navayan CSV Export Plugin <= 1.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection. This issue affects Navayan CSV Export: from n/a through <= 1.0.9...

CVSS 9.3, EPSS 0.01116
Exploits: 1, References: 1
Vulnrichment
added 2024/12/16 2:31 p.m., 12 views

CVE-2024-55988 WordPress Navayan CSV Export Plugin <= 1.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection. This issue affects Navayan CSV Export: from n/a through <= 1.0.9...

CVSS 9.3, AI score 7.2, EPSS 0.01116
Exploits: 1, References: 1
CVE
added 2024/12/16 2:31 p.m., 43 views

CVE-2024-55988

CVE-2024-55988 corresponds to an unauthenticated SQL Injection in the Navayan CSV Export WordPress plugin (up to version 1.0.9). Root cause: insufficient escaping/handling of user-supplied input in SQL queries, enabling data extraction. Public references list this CVE and indicate the Navayan CSV...

CVSS 9.3, AI score 7.3, EPSS 0.01116
Exploits: 1, References: 1
CNNVD
added 2024/12/16 12:0 a.m., 7 views

WordPress plugin Navayan CSV Export SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability...

CVSS 9.3, AI score 9.3, EPSS 0.01116
Exploits: 1, References: 2
Positive Technologies
added 2024/12/16 12:0 a.m., 7 views

PT-2024-36641 · Unknown · Navayan Csv Export

Name of the Vulnerable Software and Affected Versions: Navayan CSV Export versions 1.0.9 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing Blind SQL Injection. This problem enables attackers to inject malicious SQL...

CVSS 9.3, AI score 7.5, EPSS 0.01116
Exploits: 1, References: 4
Patchstack
added 2024/11/20 9:57 p.m., 4 views

WordPress My Contador lesr plugin <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export vulnerability

Missing Authorization to Unauthenticated User Registration CSV Export vulnerability discovered by SOPROBRO in WordPress Plugin My Contador lesr versions <= 2.0...

CVSS 5.3, AI score 7, EPSS 0.00596
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/11/12 9:15 p.m., 7 views

CVE-2024-51094

An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...

CVSS 8, AI score 7, EPSS 0.00429
Exploits: 0, References: 1
Positive Technologies
added 2024/11/12 12:0 a.m., 4 views

PT-2024-34522 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 build 15514 Description: The issue allows a low-privileged attacker to modify their profile name and inject a malicious payload into the Name field. When an administrator later accesses the People Management page,...

CVSS 8, AI score 7.5, EPSS 0.00429
Exploits: 0, References: 5
OSV
added 2024/09/11 2:15 p.m., 2 views

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

CVSS 9.8, AI score 5.7, EPSS 0.00421
Exploits: 0, References: 1
CNNVD
added 2024/06/18 12:0 a.m., 4 views

WordPress plugin Business Directory security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 8, AI score 7.6, EPSS 0.00492
Exploits: 0, References: 5
OSV
added 2024/05/27 9:47 p.m., 14 views

GHSA-MQJC-X563-C9Q8 silverstripe/framework CSV Excel Macro Injection

In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software including Microsoft Excel may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will ...

CVSS 8, AI score 7.1
Exploits: 0, References: 6
Github Security Blog
added 2024/05/27 9:47 p.m., 22 views

silverstripe/framework CSV Excel Macro Injection

In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software including Microsoft Excel may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will ...

AI score 7.1
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2024/05/22 4:1 p.m., 34 views

CVE-2024-34448

Ghost before 5.82.0 allows CSV Injection during a member CSV export...

AI score 6.8, EPSS 0.00723
Exploits: 1, References: 1
Vulnrichment
added 2024/04/15 5:43 p.m., 17 views

CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file

iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This...

CVSS 8, AI score 7.5, EPSS 0.00958
Exploits: 0, References: 3
OSV
added 2024/04/04 7:15 p.m., 4 views

CVE-2024-25007

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The...

CVSS 7.1, AI score 6.2, EPSS 0.00441
Exploits: 0, References: 1
OSV
added 2024/03/06 11:10 a.m., 40 views

BIT-MOODLE-2021-32472

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected...

CVSS 4.3, AI score 5.5, EPSS 0.00743
Exploits: 0, References: 2
OSV
added 2024/03/06 11:5 a.m., 23 views

BIT-REDMINE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

CVSS 5.3, AI score 5.4, EPSS 0.00971
Exploits: 0, References: 3
OSV
added 2024/03/06 11:3 a.m., 13 views

BIT-RESOURCESPACE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...

CVSS 6.5, AI score 6.6, EPSS 0.01428
Exploits: 1, References: 2
OSV
added 2024/01/11 9:15 a.m., 3 views

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...

CVSS 4.3, AI score 7.1, EPSS 0.00211
Exploits: 0, References: 2
ATTACKERKB
added 2024/01/11 9:15 a.m., 3 views

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...

CVSS 4.3, AI score 5.3, EPSS 0.00211
Exploits: 0, References: 3