319 matches found
Input validation
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1 contain a vulnerability in the CSV export function caused by insufficient input validation. This may allow a privileged user to potentially execute arbitrary code or commands. The CVE description lists the affected ver...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...
CVE-2022-22121
In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection (Formula Injection) vulnerability. A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens...
PT-2021-24067 · WordPress · Post Smtp Mailer
Name of the Vulnerable Software and Affected Versions: POST SMTP Mailer plugin for WordPress versions up to, and including, 2.0.20. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the handleCsvExport function. This allows...
Input validation
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
Catalyst It Ltd Mahara Cms security vulnerability
Catalyst It Ltd Mahara Cms is a fully featured electronic portfolio, blog, resume builder and social networking system from Catalyst It Ltd in New Zealand, used to connect users and create online communities. A security vulnerability exists in Catalyst It Ltd Mahara Cms that stems from an exporte...
CVE-2021-27020
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export...
Input validation
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export...
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...
PT-2021-20095 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus version 6.1 Build No: 6101. Description: A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus can be exploited by an unauthenticated user. The j username parameter seems to be...
Centreon SQL injection vulnerability
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring of network, system and application resources. A SQL injection vulnerability exists in Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. An...
Insecure Access Control
directmailteam/direct-mail uses insecure access controls. The extension fails to check if an authenticated backend user has access to newsletter subscriber tables e.g. ttaddress, feusers when using the CSV export function of the extension...
CVE-2021-24441
The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue...
CVE-2020-36308
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...
Design/Logic Flaw
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...