5078 matches found
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Sensitive Data Exposure
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-4139; Patch priority: Low; CVSS severity: Low 7.5; PSID: 438988920d4b; Credits: István Márton...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4142; Patch priority: Medium; CVSS severity: Medium 8; PSID: a395389d1982; Credits: István Márton; Required...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Privilege Escalation
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2023-4140; Patch priority: Medium; CVSS severity: Medium 6.6; PSID: 2cf9cad320b2; Credits: István Márton...
CSV Injection
phpMyFAQ is vulnerable to CSV injection attacks. The vulnerability exists due to a lack of sanitization of formula elements in a CSV file, which allows attackers to inject a CSV payload that executes when an administrator opens the CSV file...
GHSA-2XVX-368H-QCMV phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
CVE-2023-4006
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
Input validation
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
CVE-2023-4006 Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
CVE-2023-4006
CVE-2023-4006 affects phpMyFAQ before version 3.1.16. The vulnerability arises from improper neutralization of formula elements in CSV files processed by phpMyFAQ, enabling attackers to potentially exploit crafted CSV content. Impact per CVSS (NVD) is Critical (C:H/I:H/A:H) with network attack vect...
CVE-2023-4006 Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.1.16, which stems from improperly neutralized formula elements in CSV files...
RosarioSIS 10.8.4 CSV Injection
Exploit Title: RosarioSIS 10.8.4 - CSV Injection; Google Dork: NA; Exploit Author: Ranjeet Jaiswal; Vendor Homepage: https://www.rosariosis.org/; Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip; Affected Version: 10.8.4; Category: WebApps; Tested on:...
phpMyFAQ < 3.1.16 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
CVE-2023-37219
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
Design/Logic Flaw
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
CVE-2023-37219
CVE-2023-37219 concerns Tadiran Telecom Composit, where the CSV processing is vulnerable to improper neutralization of formula elements (CWE-1236). The vulnerability affects the product’s CSV handling component and is characterized by a high-impact profile (confidentiality, integrity, and availab...
CVE-2023-37219 Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File...
PT-2023-25837 · Tadiran Telecom · Tadiran Telecom Composit
Name of the Vulnerable Software and Affected Versions: Tadiran Telecom Composit, affected versions not specified. Description: The issue concerns improper neutralization of formula elements in a CSV file, which is classified as CWE-1236. This could potentially lead to unintended actions or data...
RosarioSIS 10.8.4 - CSV Injection Vulnerability
Exploit Title: RosarioSIS 10.8.4 - CSV Injection; Exploit Author: Ranjeet Jaiswal; Vendor Homepage: https://www.rosariosis.org/; Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip; Affected Version: 10.8.4; Category: WebApps; Tested on: Windows 10 1...
RosarioSIS 10.8.4 - CSV Injection
Exploit Title: RosarioSIS 10.8.4 - CSV Injection; Google Dork: NA; Exploit Author: Ranjeet Jaiswal; Vendor Homepage: https://www.rosariosis.org/; Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip; Affected Version: 10.8.4; Category: WebApps; Tested on:...