33 matches found
EUVD-2025-123412
Malicious code in prettier-stylelint-miranda-rollup-plugin-csv npm...
EUVD-2020-30285
Malware in sbrugna...
EUVD-2023-35536
Malicious code in bioql PyPI...
EUVD-2023-57460
Malicious code in bioql PyPI...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-50185
CVE-2025-50185 (DbGate) affects DbGate ≤ 6.6.0. Affected component: the dbgate-plugin-csv reader function, which does not validate file paths/types before reading files. This enables unauthorized access to arbitrary system files (e.g., /etc/shadow) by a user with application-level access, via the...
CVE-2020-36849
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
CVE-2020-36849 AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...
PT-2025-29320 · WordPress · Ait Csv Import/Export
Name of the Vulnerable Software and Affected Versions: AIT CSV import/export plugin for WordPress versions up to and including 3.0.3. Description: The AIT CSV import/export plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation in the...
CVE-2025-34083
CVE-2025-34083 is rejected/not used; it is a duplicate of CVE-2020-36849.
CVE-2022-4368
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting...
CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
Import Users from CSV < 1.3 - Authenticated (Admin+) PHP Object Injection
Description: The Import Users from CSV plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object...
WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection
PHP Object Injection vulnerability discovered by Trình Vũ Sonicrrrr from VNPT-VCI in WordPress Plugin Import Users from CSV versions = 1.2...
WordPress Import Users from CSV Plugin <= 1.2 is vulnerable to PHP Object Injection
Software: Import Users from CSV; Type: Plugin; Vulnerable versions: = 1.2; Fixed in: 1.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-32431; Patch priority: Low; CVSS severity: Low 4.4; Developer: Claim ownership; PSID: e3f19c84ef38; Credits: Trình Vũ Sonicrrrr from VNPT-VCI; Require...
Grafana Code Issue Vulnerability
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from a CSV datasource plugin that...
CVE-2022-41616 WordPress Export Users Data CSV plugin <= 2.1 - Auth. CSV Injection vulnerability
A vulnerability in Kaushik Export Users Data CSV export-users-data-csv. This issue affects Export Users Data CSV: from n/a through = 2.1...