5078 matches found
CVE-2023-48826
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List...
CVE-2023-48830
Shuttle Booking Software 2.0 is affected by CVE-2023-48830 due to CSV injection in the Languages section during export. The root cause is insufficient input validation on the Unique ID field in the Reservations list used to construct CSV exports. Impact is exposure of injected content in exported...
CVE-2023-48841
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48207
CVE-2023-48207 affects PHPJabbers Availability Booking Calendar version 5.0. The vulnerability arises from insufficient input validation in the unique ID field used to build CSV exports from the Reservations list component, enabling CSV injection. Public sources describe potential remote code exe...
CVE-2023-48835
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48835
CVE-2023-48835 affects Car Rental Script v3.0; the vulnerability is a CSV Injection in the Language > Labels > Export action due to insufficient input validation on the Unique ID field in Reservations. Impact is high (C:H, I:H, A:H) with CVSS 3.1 base score 8.8. In-the-wild/exploit details ...
CVE-2023-46354
In the module "Orders CSV, Excel Export PRO" ordersexport 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information fro...
CVE-2023-46354
The CVE-2023-46354 entry concerns PrestaShop’s Orders (CSV, Excel) Export PRO module (ordersexport)
PT-2023-29974 · Prestashop · Orders (Csv
Name of the Vulnerable Software and Affected Versions: Orders CSV, Excel Export PRO module for PrestaShop versions prior to 5.2.0 Description: The issue allows a guest to download personal information without restriction due to a lack of permissions control. This can lead to a leak of personal...
WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CSV Importer; Type: Plugin; Vulnerable versions: <= 0.3.8; Fixed in: 0.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49775; Patch priority: Low; CVSS severity: Low (4.3); PSID: 940182804bef; Credits: Nguyen Xuan Chien...
PHPJabbers Appointment Scheduler 3.0 CSV Injection
Exploit Title: PHPJabbers Appointment Scheduler v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows 10,...
PHPJabbers Car Rental 3.0 CSV Injection
Exploit Title: PHPJabbers Car Rental v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11, MS Offi...
PHPJabbers Time Slots Booking Calendar 4.0 CSV Injection
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - CSV Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on:...
PHPJabbers Shuttle Booking Software 2.0 CSV Injection
Exploit Title: PHPJabbers Shuttle Booking Software v2.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: v2.0 Tested on: Windows 10...
IBM Security Guardium CSV Injection Vulnerability (CNVD-2023-9528503)
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A CSV injection vulnerability exists in IBM Security Guardi...
CVE-2023-42004
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...
Input validation
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...
CVE-2023-42004 IBM Security Guardium CSV injection
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...
CVE-2023-42004
IBM Security Guardium versions 11.3, 11.4, and 11.5 are affected by CVE-2023-42004, a CSV injection vulnerability due to improper validation of CSV file contents. A remote attacker could execute malicious commands via crafted CSV data, with high impact on confidentiality, integrity, and availabil...