
5078 matches found

Prion
added 2024/02/06 1:15 a.m. · 16 views

Input validation

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

CVSS 4 · AI score 7.2 · EPSS 0.0034
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/02/06 12:0 a.m. · 14 views

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

AI score 7 · EPSS 0.0034
Exploits 0 · References 1

Positive Technologies
added 2024/02/06 12:0 a.m. · 5 views

PT-2024-3869 · Unknown · Library Management System

Name of the Vulnerable Software and Affected Versions: Koha Library Management System versions 23.05.05 and earlier Description: The issue is related to a lack of neutralization of elements in a CSV file, affecting the components members/moremember.pl and admin/aqbudgets.pl. This allows a remote...

CVSS 8.8 · AI score 7.5 · EPSS 0.00811
Exploits 1 · References 9

Vulnrichment
added 2024/02/06 12:0 a.m. · 19 views

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

AI score 7.2 · EPSS 0.0034
Exploits 0 · References 1

Positive Technologies
added 2024/02/05 12:0 a.m. · 4 views

PT-2024-13399 · Ncr · Ncr Terminal Handler

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue allows an unprivileged user to edit the audit logs for any user, potentially leading to CSV injection. It also enables a remote attacker to execute arbitrary code via a crafted script ...

CVSS 6.5 · AI score 7 · EPSS 0.0034
Exploits 0 · References 9

Veracode
added 2024/02/01 4:1 p.m. · 17 views

CSV Injection

firefly-iii is vulnerable to CSV Injection vulnerability. The vulnerability is due to un-escaped user input in CSV files. This issue can be exploited by an attacker resulting in unauthorized access or manipulation of data when opening the csv file...

AI score 7.2
Exploits 0

OSV
added 2024/01/31 6:5 p.m. · 9 views

GHSA-29W6-C52G-M8JC C5 Firefly III CSV Injection.

Summary CSV injection is a vulnerability where untrusted user input in CSV files can lead to unauthorized access or data manipulation. In my subsequent testing of the application. Details I discovered that there is an option to "Export Data" from the web app to your personal computer, which expor...

CVSS 4 · AI score 7.4
Exploits 0 · References 2

Github Security Blog
added 2024/01/31 6:5 p.m. · 5 views

C5 Firefly III CSV Injection.

Summary CSV injection is a vulnerability where untrusted user input in CSV files can lead to unauthorized access or data manipulation. In my subsequent testing of the application. Details I discovered that there is an option to "Export Data" from the web app to your personal computer, which expor...

AI score 7.4
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/01/31 12:0 a.m. · 5 views

PT-2024-40020 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Firefly III affected versions not specified Description: The issue allows unauthorized access or data manipulation through CSV injection, where untrusted user input in CSV files can lead to malicious actions. The web application has an "Expor...

CVSS 4 · AI score 7.8
Exploits 0 · References 3

Veracode
added 2024/01/24 7:2 a.m. · 17 views

Improper Access Control

Silverstripe Admin is vulnerable to Improper Access Control. The vulnerability is caused due to improper access control permissions during CSV import operations. This allows an attacker to modify existing records using the CSV import feature, even if they do not have the explicit edit permissions...

CVSS 4.3 · AI score 6.8 · EPSS 0.00341
Exploits 0 · References 3 · Affected Software 1

WPVulnDB
added 2024/01/24 12:0 a.m. · 18 views

12 Step Meeting List < 3.14.29 - Subscriber+ CSV Download

Description: The plugin does not have authorisation in its csv AJAX action, allowing any authenticated user, such as a subscriber, to export meetings and gain access to sensitive information...

CVSS 8.8 · AI score 6.2 · EPSS 0.00335
Exploits 0 · References 1

OSV
added 2024/01/23 8:9 p.m. · 11 views

GHSA-J3M6-GVM8-MHVW No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it...

CVSS 4.3 · AI score 4.4 · EPSS 0.00341
Exploits 0 · References 8

Github Security Blog
added 2024/01/23 8:9 p.m. · 23 views

No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it...

CVSS 4.3 · AI score 4.5 · EPSS 0.00341
Exploits 0 · References 8 · Affected Software 1

NVD
added 2024/01/23 2:15 p.m. · 32 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4.3 · AI score 4.5 · EPSS 0.00341
Exploits 0 · References 2

Prion
added 2024/01/23 2:15 p.m. · 17 views

Code injection

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4 · AI score 7 · EPSS 0.00341
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/01/23 1:54 p.m. · 1 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4.3 · AI score 7 · EPSS 0.00341
Exploits 0 · References 2

CVE
added 2024/01/23 1:54 p.m. · 45 views

CVE-2023-49783

CVE-2023-49783 affects SilverStripe Admin. In 1.x before 1.13.19 and 2.x before 2.1.8, users who lack edit/delete permissions for ModelAdmin records can still edit/delete records via the CSV import form if they have create permissions. The issue can enable unintended record modification, though t...

CVSS 4.3 · AI score 4.4 · EPSS 0.00341
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/01/23 1:54 p.m. · 38 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4.3 · AI score 4.8 · EPSS 0.00341
Exploits 0 · References 2

OSV
added 2024/01/23 1:54 p.m. · 34 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4.3 · AI score 4.7 · EPSS 0.00341
Exploits 0 · References 4

Friends Of PHP
added 2024/01/23 3:15 a.m. · 31 views

CVE-2023-49783 No permission checks for editing or deleting records with CSV import form

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-49783...

CVSS 4.3 · AI score 7.2 · EPSS 0.00341
Exploits 0 · Affected Software 1