CVE-2023-22877

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368...

CVE-2023-22719

Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1...

CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

CVE-2023-48835

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...

CVE-2023-48830

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export...

CVE-2023-48841

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...

CVE-2023-48826

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List...

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

CVE-2023-46356

In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

CVE-2023-46355

In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...

CVE-2023-33410

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...

CVE-2023-29918

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module...

CVE-2023-3302

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9...

CVE-2023-24686

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file...

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...

CVE-2023-46401

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...

CVE-2023-46400

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function...

CVE-2023-42004

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...