5077 matches found
CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...
CVE-2024-42901
Summary: CVE-2024-42901 affects LimeSurvey v6.5.12, where a crafted CSV file upload can trigger a CSV injection that may lead to arbitrary code execution. Details from sources: The vulnerability is described as a CSV injection vulnerability in LimeSurvey v6.5.12 that allows attackers to execute a...
LimeSurvey Security Vulnerability
LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team that supports survey program development, survey posting, and data collection. A security vulnerability exists in LimeSurvey version v6.5.12, which stems from the inclusion of a CSV injection...
PT-2024-30195 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: Lime Survey version 6.5.12 Description: A CSV injection vulnerability in Lime Survey allows attackers to execute arbitrary code via uploading a crafted CSV file. This issue enables attackers to upload specially crafted CSV files, which can le...
A vulnerability in the GLPI asset and data center management software, related to improper access control, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the GLPI asset and data center management software relates to CSV file injection by creating a file with a fake header. Exploiting this vulnerability can allow an attacker operating remotely to compromise the confidentiality, integrity, and...
WordPress Ultimate CSV Importer User Table Extract
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' class MetasploitModule 'WordPress Ultimate CSV Importer User Table Extract', 'Description' = %q Due to lack of verification of a visitor's permissions, it ...
OpenEMR 5.0.1 Patch 6 SQL Injection
require 'csv' This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenEMR 5.0.1 Patch 6 SQLi Dump', 'Description' = ' This module exploits a SQLi vulnerability found in OpenEMR version 5.0.1 Patch ...
CVE-2024-2541 Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via...
CVE-2024-2541
CVE-2024-2541 concerns the Popup Builder plugin for WordPress. It enables Sensitive Information Exposure in all versions up to 4.3.3 via the Subscribers Import feature, allowing unauthenticated attackers to access subscriber data (e.g., first name, last name, email, and potentially other PII) aft...
ROS-20240828-02
A vulnerability in GLPI's asset and data center management software is related to the CSV file injection by creating a file with a spoofed header. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...
The export function of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is vulnerable, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the export function of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps relates to the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows an attacker operating...
CVE-2024-41226
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...
PT-2024-29312 · Automation Anywhere · Automation Anywhere Automation 360
Name of the Vulnerable Software and Affected Versions: Automation Anywhere Automation 360 version 21094 Description: A CSV injection issue allows attackers to execute arbitrary code via a crafted payload. The payload is injected in the HTTP response from the client-side. Note that Automation...
CVE-2024-41226
CVE-2024-41226 describes a CSV injection vulnerability in Automation Anywhere Automation 360 (v21094). The underlying issue allows an attacker to trigger arbitrary code execution by injecting a crafted payload into the HTTP response from the client-side, with the end-user owning the response and ...