PT-2023-23497 · Sage · Sage X3
Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to CSV Injection. Recommendations: For Sage X3 version 12.14.0.50-0, at the moment, there is no information about a newer version that contains a fix for this issue...
CVE-2023-31867
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection
Software: WP Cookie Notice for GDPR, CCPA & ePrivacy Consent; Type: Plugin; Vulnerable versions: <= 2.2.5; Fixed in: 2.2.6; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-23678; Patch priority: Low; CVSS severity: Low 4; PSID: 204630e00285; Credits: Rio Darmawan...
projectSend r1605 - CSV injection Vulnerability
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC ========================================...
Denial Of Service (DOS)
The net.sf.sojo.sojo library is vulnerable to a Denial of Service (DoS) attack. The library does not restrict user-supplied JSON and CSV to a maximum length, so parsing the input can cause a stack overflow error or an out-of-memory (heap) error, leading to a Denial of Service (DoS) attack...
projectSend r1605 CSV Injection
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...
projectSend r1605 - CSV injection
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...
TerraMaster TOS 4.2.06 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to CSV Injection
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-0721; Patch priority: Low; CVSS severity: Low 4.7; Developer: Wpmet; PSID: 2f722b3f2145; Credits: Ramuel Gall; Required privilege...
CVE-2023-0721
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...
Input validation
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...
CVE-2023-0721 Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...
CVE-2023-0721
The Metform Elementor Contact Form Builder plugin for WordPress is affected by CVE-2023-0721 (affected versions up to and including 3.3.0). The underlying issue is CSV injection in exported CSV files, allowing unauthenticated input to be embedded in CSVs, which can lead to code execution when the...
PT-2023-16477 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.3.0 Description: The issue allows unauthenticated attackers to embed untrusted input into exported CSV files. This can result in code execution when...
Metform Elementor Contact Form Builder < Unauthenticated CSV Injection
The plugin does not properly escape user-supplied input which is output in CSV files, which could be abused in CSV Injection attacks...
CVE-2021-4377
The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...
CVE-2021-4377 Doneren met Mollie <= 2.8.4 - Information Disclosure
The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...