Taiga security vulnerability
Taiga is a free open source project management tool from Taiga Open Source. A security vulnerability exists in Taiga version v6.8.1, which stems from the inclusion of a CSV injection issue that could lead to arbitrary code execution...
CVE-2024-53555
A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file...
WordPress My Contador lesr plugin <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export vulnerability
Missing Authorization to Unauthenticated User Registration CSV Export vulnerability discovered by SOPROBRO in WordPress Plugin My Contador lesr versions <= 2.0...
CVE-2024-52406
Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through <= 3.26...
CVE-2024-52406
CVE-2024-52406 affects the WordPress plugin CSV to HTML (versions
CVE-2024-52406 WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through <= 3.26...
CVE-2024-52406 WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through 3.04...
CVE-2024-52372
Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0...
CVE-2024-52372
CVE-2024-52372 corresponds to an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Easy CSV Importer BETA (versions n/a–7.0.0). The vulnerability allows uploading a web shell via the plugin’s file-upload feature; the root cause is unsafe handling of arbitrary file types duri...
CVE-2024-52372 WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0...
WordPress CSV to html plugin <= 3.26 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin CSV to html versions <= 3.26...
WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload
Software: CSV to html; Type: Plugin; Vulnerable versions: <= 3.06; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52406; Patch priority: High; CVSS severity: High 9.9; PSID: f31bd5d837b7; Credits: stealthcopter; Required privilege: Subscriber...
CSV Injection
Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection via the file /account/profile of the Name field under the "Edit Your Profile" section. An attacker can gain elevated privileges and exfiltrate internal system...
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...
PT-2024-34522 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 build 15514 Description: The issue allows a low-privileged attacker to modify their profile name and inject a malicious payload into the Name field. When an administrator later accesses the People Management page,...
WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability
CSV Limited Path Traversal vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin WOLF versions <= 1.0.8.3...
WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Easy CSV Importer BETA versions <= 7.0.0...