5078 matches found
CVE-2021-4377 Doneren met Mollie <= 2.8.4 - Information Disclosure
The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...
miniCal CSV Injection Vulnerability
miniCal is an open source PMS. miniCal 1.0.0 and earlier versions contain a CSV injection vulnerability. The vulnerability stems from improperly neutralized formula elements in CSV files; an attacker can exploit the vulnerability to remotely execute code...
Formula Injection vulnerability in CSV export feature
Description: The admidio application is vulnerable to Formula Injection/CSV injection via the Firstname, Lastname input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted Excel file. Proof of Concept 1. Create a member with role Associations boa...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
Input validation
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
PT-2023-24336 · Minical · Minical
Name of the Vulnerable Software and Affected Versions: Minical versions 1.0.0 and earlier Description: The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This is due to insufficient input validation on the Customer Name field in the Accounting...
CVE-2023-33410
CVE-2023-33410 affects Minical 1.0.0 and earlier. The vulnerability stems from insufficient input validation in the Customer Name field of the Accounting module used to construct CSV files, enabling a CSV injection that, per sources, can allow an attacker to execute remote code. Affected versions...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
HackerOne: Asset Inventory Internal Descriptions are leaked in CSV export
An internal asset description in the Asset Inventory feature of HackerOne was leaked in the CSV export, potentially exposing sensitive information stored in the description...
Rukovoditel 3.3.1 CSV Injection
Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Rukovoditel 3.3.1 - CSV injection
Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Rukovoditel 3.3.1 - CSV injection Vulnerability
Exploit Title: Rukovoditel 3.3.1 - CSV injection Version: 3.3.1 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 27-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Prestashop 8.0.4 CSV Injection
Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
CSV Injection
francoisjacquet/rosariosis is vulnerable to CSV Injection. The vulnerability exists because the listSearch function of ListOutput.fnc.php does not properly escape CSV records, which allows an attacker to inject and execute malicious code via a crafted Excel file...
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...
Prestashop 8.0.4 - CSV injection
Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Prestashop 8.0.4 - CSV injection Vulnerability
Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...