5078 matches found
Cross-Site Request Forgery (CSRF)
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a CSV file, granted...
PHPJabbers Availability Booking Calendar 5.0 CSV Injection
Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection
Date: 12/11/2023
Exploit Author: BugsBD Security Researcher Rahad Chowdhury
Vendor Homepage: https://www.phpjabbers.com/
Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo
Version: v5.0...
PHPJabbers Availability Booking Calendar 5.0 CSV Injection Vulnerability
Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection
Exploit Author: BugsBD Security Researcher Rahad Chowdhury
Vendor Homepage: https://www.phpjabbers.com/
Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo
Version: v5.0
Tested on: Windows...
CVE-2023-48029
Corebos 8.0 and below are vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution ...
Design/Logic Flaw
Corebos 8.0 and below are vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution ...
CVE-2023-45387
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...
PT-2023-30674 · Coreos · Corebos
Name of the Vulnerable Software and Affected Versions: Corebos versions 8.0 and below
Description: The issue allows an attacker with low privileges to inject a malicious command into a table, which is then executed when an administrator exports the data to a CSV file and opens it, potentially...
CVE-2023-48029
CoreBOS 8.0 and earlier are affected by CVE-2023-48029, a CSV Injection vulnerability. The issue allows an attacker with low privileges to inject a malicious command into a table, which is executed when an administrator visits the user management section, exports data to CSV, and opens it on thei...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). A cross-site scripting vulnerability in the CSV grade import method allows an attacker to inject malicious code into a Moodle site by uploading a specially crafted CSV file containing the malicious code. The malicious code would then be...
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV"
2. Intercept the...
GHSA-28GC-4QQ5-8Q26 Moodle Cross-site Scripting vulnerability
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content...
CVE-2023-5541
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content...
Design/Logic Flaw
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content...