34 matches found
PT-2024-2114 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 6.0.0 through 6.0.8 Fortinet FortiClientEMS versions 6.2.0 through 6.2.9 Fortinet FortiClientEMS versions 6.4.0 through 6.4.9 Fortinet FortiClientEMS versions 7.0.0 through 7.0.10 Fortinet FortiClientEMS...
CVE-2022-44738
Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...
CVE-2022-46802
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8...
PT-2023-28098 · WordPress · Directorist
Name of the Vulnerable Software and Affected Versions: Directorist – WordPress Business Directory Plugin with Classified Ads Listings versions 7.7.1 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects the Directorist –...
Cross site scripting
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...
CVE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...
CVE-2022-0914
The CVE-2022-0914 entry concerns the WordPress plugin “Export All URLs” (before version 4.3). According to connected sources (Red Hat, NVD, CVE records, Patchstack), the vulnerability is a CSRF flaw that can allow a logged-in admin to export all posts and pages (including private/draft) into an a...
PYSEC-2022-229
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2021-23654
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...
CVE-2021-24016
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...
OS Command Injection
CSV is vulnerable to OS command injection. The vulnerability allows an attacker to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
The vulnerability of the “Export” function in the web application for phpMyAdmin’s database administration system allows a hacker to execute arbitrary code.
The vulnerability of the “Export” function in the phpMyAdmin web application for database management involves the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a specially crafted CSV file...
RSMembership! older than 1.22.11 ,Other
RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...
RSEvents! Pro (March 2019),Other
RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...