5078 matches found
CVE-2023-3493 Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3...
CSV Injection while export users
1. Admin adds a client, or a client signs up. 2. The client logs in and edits himself. 3. The client changes his COMPANY to "=1+cmd|'/C calc'!A0". 4. Admin goes to export the client as a CSV file. 5. Admin opens the CSV and we can see that the calculator is opened. see...
CSV Injection while export users
1. Admin adds a user, or a user signs up. 2. The user logs in and edits himself. 3. The user changes his realname to "=1+cmd|'/C calc'!A0". 4. Admin goes to export the users as a CSV file. 5. Admin opens the CSV and we can see that the calculator is opened. see https://owasp.org/www-community/attacks/CSVInjectio...
Command Injection
admidio/admidio is vulnerable to CSV Injection. The vulnerability exists due to improper neutralization of formula elements in a CSV file, which allows an attacker to execute arbitrary code via a crafted Excel file...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
CVE-2022-46408
Ericsson Network Manager (ENM) versions prior to 22.1 are affected by CVE-2022-46408 in the Network Connectivity Manager (NCM) component. The vulnerability arises from improper neutralization of formula elements in CSV files, potentially enabling remote code execution or data leakage through mali...
WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to CSV Injection
Software: Form Builder | Type: Plugin | Vulnerable versions: <= 1.9.9.0 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: CSV Injection | CVE: CVE-2023-23796 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 2e9cd4b8cc95 | Credits: Rafshanzani Suhada | Required privilege: Unauthenticate...
WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection
Software: Post to CSV by BestWebSoft | Type: Plugin | Vulnerable versions: <= 1.4.0 | Fixed in: 1.4.1 | OWASP Top 10: A1: Injection | Classification: CSV Injection | CVE: CVE-2023-36527 | Patch priority: Low | CVSS severity: Low 4.7 | PSID: 7da5ccbd6441 | Credits: Mika | Required privilege: Author | Publish...
GHSA-HM75-8W6H-4F8F Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability
Admidio prior to 4.2.9 is vulnerable to Improper Neutralization of Formula Elements in a CSV File...
Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability
Admidio prior to 4.2.9 is vulnerable to Improper Neutralization of Formula Elements in a CSV File...
CVE-2023-3302
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9...
CVE-2023-3302
CVE-2023-3302 affects the open‑source Admidio member management system. The vulnerability is in the CSV handling of admidio/admidio prior to 4.2.9, caused by improper neutralization of formula elements in CSV files, which can lead to formula injection when CSV data is processed. Impact is describ...
CVE-2023-31867
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
Input validation
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
CVE-2023-31867
Sage X3 v12.14.0.50-0 is documented as vulnerable to CSV injection. The issue affects the Sage X3 software, with the root cause described in connected records as related to input validation (per PRION entry). The CVE entry notes CSV injection as the vulnerability, and Red Hat/CNNVD/NVD references...