319 matches found

Source: ATTACKERKB · added 2023/10/12 11:15 p.m. · 4 views

CVE-2023-41261

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results...

CVSS 5.3 · AI score 6.1 · EPSS 0.00494
Exploits 1 · References 2

Source: Cvelist · added 2023/10/12 12:00 a.m. · 14 views

CVE-2023-41262

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

AI score 10 · EPSS 0.00699
Exploits 1 · References 1

Source: Positive Technologies · added 2023/10/12 12:00 a.m. · 2 views

PT-2023-27875 · Plixer · Plixer Scrutinizer

Name of the Vulnerable Software and Affected Versions: Plixer Scrutinizer versions prior to 19.3.1 Description: An issue was discovered in the /fcgi/scrut_fcgi.fcgi endpoint, specifically in the csvExportReport endpoint action generateCSV, which is vulnerable to SQL injection through the sorting...

CVSS 9.8 · AI score 9.8 · EPSS 0.00699
Exploits 1 · References 5

Source: CVE · added 2023/10/12 12:00 a.m. · 69 views

CVE-2023-41261

Summary: CVE-2023-41261 affects Plixer Scrutinizer prior to version 19.3.1. The vulnerability resides in the /fcgi/scrut_fcgi.fcgi endpoint, where the csvExportReport action generateCSV does not require authentication, allowing an unauthenticated user to export reports and access results. Affecte...

CVSS 5.3 · AI score 5.4 · EPSS 0.00494
Exploits 1 · References 1 · Affected Software 1

Source: OSV · added 2023/07/12 7:15 a.m. · 5 views

CVE-2021-4422

The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...

CVSS 4.3 · AI score 6.6
Exploits 0 · References 9

Source: Cvelist · added 2023/07/12 6:52 a.m. · 16 views

CVE-2021-4422 POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass

The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...

CVSS 4.3 · AI score 4.5 · EPSS 0.00541
Exploits 0 · References 9

Source: OSV · added 2023/06/09 6:15 a.m. · 3 views

CVE-2023-0721

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...

CVSS 7.8 · AI score 7.7 · EPSS 0.0071
Exploits 0 · References 3

Source: Positive Technologies · added 2023/06/09 12:00 a.m. · 6 views

PT-2023-16477 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.3.0 Description: The issue allows unauthenticated attackers to embed untrusted input into exported CSV files. This can result in code execution when...

CVSS 8.3 · AI score 8.3 · EPSS 0.0071
Exploits 0 · References 5

Source: OSV · added 2023/06/07 2:15 a.m. · 1 view

CVE-2021-4377

The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...

CVSS 6.5 · AI score 5.8 · EPSS 0.01041
Exploits 1 · References 4

Source: Hacker One · added 2023/06/02 8:51 p.m. · 45 views

HackerOne: Asset Inventory Internal Descriptions are leaked in CSV export

An internal asset description in the Asset Inventory feature of HackerOne was leaked in the CSV export, potentially exposing sensitive information stored in the description...

AI score 6.5
Exploits 0

Source: SUSE CVE · added 2023/02/15 5:12 a.m. · 3 views

SUSE CVE-2015-8010

Cross-site scripting XSS vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...

CVSS 3.5 · AI score 6 · EPSS 0.01486
Exploits 0 · References 6

Source: OSV · added 2022/12/12 6:15 p.m. · 0 views

CVE-2022-3605

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1

Source: RedHat Linux · added 2022/12/06 2:00 p.m. · 45 views

Low: Red Hat Security Advisory: RHACS 3.73 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 7.5 · AI score 6.9 · EPSS 0.02676
Exploits 2 · References 4

Source: CNNVD · added 2022/11/29 12:00 a.m. · 5 views

Team Johnlong software Raiden MAILD Mail Server Security Vulnerability

Team Johnlong software Raiden MAILD Mail Server is a mail server software from Team Johnlong software. A security vulnerability exists in Team Johnlong software Raiden MAILD Mail Server versions prior to v4.7.4. The vulnerability originates from the fact that a remote attacker with general user...

CVSS 8 · AI score 8 · EPSS 0.00865
Exploits 0 · References 2

Source: Positive Technologies · added 2022/11/29 12:00 a.m. · 5 views

PT-2022-25353 · WordPress · Appointment Hour Booking Plugin

Name of the Vulnerable Software and Affected Versions: Appointment Hour Booking Plugin for WordPress versions up to, and including, 1.3.72 Description: The issue allows unauthenticated attackers to embed untrusted input into content during booking creation, which may be exported as a CSV file whe...

CVSS 7.8 · AI score 7.6 · EPSS 0.00614
Exploits 1 · References 6

Source: Vulnrichment · added 2022/11/28 1:47 p.m. · 5 views

CVE-2022-3603 Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

AI score 7.3 · EPSS 0.01069
Exploits 1 · References 1

Source: OSV · added 2022/11/14 3:15 p.m. · 3 views

CVE-2022-3574

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.01318
Exploits 1 · References 1

Source: Cvelist · added 2022/07/17 7:57 p.m. · 24 views

CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...

AI score 6.8 · EPSS 0.01428
Exploits 1 · References 2

Source: Positive Technologies · added 2022/07/17 12:00 a.m. · 3 views

PT-2022-20648 · Montala · Resourcespace

Name of the Vulnerable Software and Affected Versions: Montala ResourceSpace versions prior to r19636 Description: The issue allows attackers to export collection metadata via a non-NULL k value in the csv export results metadata.php file. Recommendations: For versions prior to r19636, update to ...

CVSS 6.5 · AI score 6.3 · EPSS 0.01428
Exploits 1 · References 5

Source: OSV · added 2022/06/13 1:15 p.m. · 1 view

CVE-2022-1800

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

CVSS 7.2 · AI score 7.2 · EPSS 0.0124
Exploits 2 · References 1