Design/Logic Flaw

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...

Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...

Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV

The plugin allows users to Book Appointment by providing their PII such as Email, Name, Phone Number and Personal Message. The vulnerability allows anyone to Dump all records of users and their appointment details in CSV as an unauthenticated user. The user also gets registered as a WP User after...

Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV

The plugin allows users to Book Appointment by providing their PII such as Email, Name, Phone Number and Personal Message. The vulnerability allows anyone to Dump all records of users and their appointment details in CSV as an unauthenticated user. The user also gets registered as a WP User after...

CVE-2019-20184

KeePass 2.4.1 allows CSV injection in the title field of a CSV export...

Export Users to CSV < 1.4 - Unauthorised CSV Access

The plugin exports a CSV file containing sensitive user data. The generated files are stored in a public directory with a predictable filename based on a Unix timestamp. CSV files are discoverable either through enumeration or path traversal. Export Users to CSV does not provide visibility over...

CVE-2018-14861

Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...

CVE-2018-14861

Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...

CVE-2018-14861

Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...

CVE-2018-14861

An issue (CVE-2018-14861) affects Odoo Community 10.0/11.0 and Odoo Enterprise 10.0/11.0 where improper data access control allows authenticated users to export other users’ securely hashed passwords via CSV. Root cause: improper access controls on the CSV export feature. Impact: disclosure of pa...

CVE-2018-14861

Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...

CVE-2019-12765

An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...

Input validation

An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...

CVE-2019-12765

An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...

CVE-2019-12765

CVE-2019-12765 affects Joomla! prior to 3.9.7. The issue is a CSV injection in the CSV export of the com_actionslogs component, caused by insufficient input validation during export. Public references (NVD/NIST, Nessus, OSV, CNVD, ENISA) confirm the vulnerability in Joomla! versions 3.9.0–3.9.6 (...

EUVD-2019-4349

An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...

CVE-2019-12134

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in Workday through 32 via a value provided by a low-privileged user in a contact form field that is mishandled in a CSV export...

WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - CSV Export vulnerability

CSV Export vulnerability found in WordPress FV Flowplayer Video Player plugin versions = 7.3.14.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.3.15.727...

FV Flowplayer Video Player <= 7.3.14.727 - CSV Export

Changelog states: Security - fix for email subscription CSV export capability available to guest users...

TableField - Critical - Remote Code Execution - SA-CONTRIB-2019-045

This module allows you to attach tabular data to an entity. The module doesn't sufficiently determine that the data being unserialized is the contents of a tablefield when users request a CSV export, which could lead to Remote Code Execution via Object Injection. This vulnerability is mitigated b...