Malicious code in Be.Vlaanԁeren.Basisregisters.AspNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-4208 Malicious code in Be.Vlaanԁerеn.Basisregisters.AsрNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaanԁerеn.Basisregisters.AsрNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

CSV Injection

silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's system...

CVE-2023-5527

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

CVE-2023-5527

CVE-2023-5527 affects the Business Directory Plugin for WordPress. The vulnerability is a CSV Injection in the class-csv-exporter.php export path, allowing authenticated attackers with author-level permissions and above to inject untrusted input into CSV exports. This can lead to code execution w...

CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

WordPress plugin Business Directory security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

Business Directory Plugin < 6.4.4 - Authenticated (Author+) CSV Injection

Description The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported...

WordPress Business Directory Plugin Plugin <= 6.4.3 is vulnerable to CSV Injection

Software Business Directory Plugin Type Plugin Vulnerable versions = 6.4.3 Fixed in 6.4.4 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5527 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID fa4533c87625 Credits Dmitrii Ignatyev Required privilege Auth...

OPENSUSE-SU-2024:13151-1 jackson-dataformat-csv-2.15.2-1.1 on GA media

These are all security issues fixed in the jackson-dataformat-csv-2.15.2-1.1 package on the GA media of openSUSE Tumbleweed...

Exploit for OS Command Injection in Php

CVE-2024-4577 PHP-CGI RCE Quick Detection Usage: ba...

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

CVE-2023-5424

The CVE-2023-5424 entry refers to WS Form LITE for WordPress being vulnerable to CSV Injection in versions up to 1.9.217. An unauthenticated attacker could embed untrusted input into exported CSV files, which is stated to lead to code execution when a vulnerable file is opened. The connected docu...

CVE-2023-5424 WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

CVE-2023-5424 WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

WordPress WS Form Pro plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form Pro versions = 1.9.217...

WordPress WS Form LITE Plugin <= 1.9.217 is vulnerable to CSV Injection

Software WS Form LITE Type Plugin Vulnerable versions = 1.9.217 Fixed in 1.9.218 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5424 Patch priority Low CVSS severity Low 4.7 Developer WS Form PSID 7d55c6663718 Credits Duc Manh Required privilege Unauthenticated Published 7...

WordPress WS Form Pro Plugin <= 1.9.217 is vulnerable to CSV Injection

Software WS Form Pro Type Plugin Vulnerable versions = 1.9.217 Fixed in 1.9.218 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5424 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID b17414acaf13 Credits Duc Manh Required privilege Unauthenticated...