1935 matches found
CVE-2023-53913
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
EUVD-2023-60202
phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV fil...
EUVD-2023-60217
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CSV Injection
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to CSV Injection via the users data export feature. An attacker can execute arbitrary commands on the system by injecting malicious formulas into the profi...
CVE-2023-53913
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53913
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53929
Summary: CVE-2023-53929 affects phpMyFAQ 3.1.12. The vulnerability arises in the user data export workflow: an authenticated user can place CSV-injection payloads (e.g., calc|a!z|) in their profile name, which can trigger code execution when an administrator exports user data as CSV. Affected sof...
CVE-2023-53905
CVE-2023-53905 affects ProjectSend r1605 and describes a CSV injection vulnerability where authenticated users can inject malicious formulas into user profile names. The vulnerability can trigger code execution when administrators export action logs to CSV files, with an example payload such as =...
CVE-2025-14229
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...
CVE-2025-14229 SourceCodester Inventory Management System SVC Report Export csv injection
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...
PT-2025-49546
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...
SourceCodester Inventory Management System 安全漏洞
SourceCodester Inventory Management System is a SourceCodester open source inventory management system. A security vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from a CSV injection vulnerability in the SVC report export component...
CSV Injection
Overview json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas in...
CSV Injection
Overview org.webjars.npm:json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can...
VulnCheck KEV: CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...
CVE-2025-13133
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into export...
CVE-2025-13133
The CVE-2025-13133 entry concerns the WordPress plugin Simple User Import Export (versions
PT-2025-47286
Name of the Vulnerable Software and Affected Versions Simple User Import Export plugin for WordPress versions up to and including 1.1.7 Description The Simple User Import Export plugin for WordPress is susceptible to CSV Injection through the 'Import/export users' function. This allows...
WordPress Simple User Import Export plugin <= 1.1.7 - Authenticated (Admin+) CSV Injection vulnerability
Authenticated Admin+ CSV Injection vulnerability discovered by Ivan Cese in WordPress Plugin Simple User Import Export versions = 1.1.7...