WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection
Software: Directorist; Type: Plugin; Vulnerable versions: <= 7.7.1; Fixed in: 7.7.2; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-41798; Patch priority: Low; CVSS severity: Low 5.1; PSID: 305b807eea54; Credits: Rafshanzani Suhada; Required privilege: Editor; Publishe...
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
Spoofing
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
CVE-2023-4216
CVE-2023-4216 relates to the WordPress plugin Orders Tracking for WooCommerce (admin-facing) prior to version 1.2.6. The vulnerability stems from inadequate validation of the file_url parameter during CSV import, enabling a high-privilege administrator (manage_woocommerce) to perform a directory ...
CVE-2023-4216 Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
WordPress plugin Orders Tracking for WooCommerce path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability in the...
UBUNTU-CVE-2023-41633
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c...
IBM InfoSphere Information Server CSV Injection Vulnerability (CNVD-2023-91222)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A CSV injection vulnerability exists in IBM InfoSphere Information Server version 11.7, which...
CVE-2023-22877
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368...
Input validation
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368...
CVE-2023-22877 IBM InfoSphere Information Server CSV injection
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368...
CVE-2023-22877
CVE-2023-22877 affects IBM InfoSphere Information Server 11.7. The root cause is CSV injection arising from improper validation of CSV contents during processing, enabling a remote attacker to execute arbitrary commands on the system. Documentation cites CVSS metrics with high impact (C/H, I/H, A...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A CSV injection vulnerability exists in IBM InfoSphere Information Server version 11.7, which...
FreeBSD : phpmyfaq -- multiple vulnerabilities (ddd3fcc9-2bdd-11ee-9af4-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ddd3fcc9-2bdd-11ee-9af4-589cfc0f81b0 advisory. - phpmyfaq developers report: Cross Site Scripting vulnerability CSV injection vulnerability...
Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms
Dredging Windows for Persistence. What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...
ChurchCRM CSV Injection Vulnerability (CNVD-2023-64045)
ChurchCRM is an open source CRM system for churches. ChurchCRM version 4.2.0 suffers from a CSV injection vulnerability that originates from improperly neutralized formula elements in a CSV file, which can be exploited by a remote attacker to execute arbitrary code via a crafted CSV file...
Stored XSS via user's Username
Description: The application allows creating users with Username containing Malicious HTML/Javascript that can be executed in the users’ privileged context during the user editing process or visiting a phishing link. Proof of Concept: Step 1: A privileged user creates a normal user account with...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...