5078 matches found
Vulnerability in EVlink City parking charging station software. EVlink Parking and EVlink Smart Wallbox are affected by issues that arise from incorrect neutralization during web page generation. This allows a malicious actor to inject arbitrary code during CSV file import or parameter changes at the station.
Software vulnerabilities in EVlink City parking stations. EVlink Parking and EVlink Smart Wallbox have vulnerabilities due to incorrect neutralization during the creation of their web pages. This allows unauthorized individuals to inject arbitrary code during CSV file import or parameter...
Pimcore CSV Injection Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. Pimcore suffers from a CSV injection...
ChurchCRM 4.5.4 Cross Site Scripting Vulnerability
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE: CVE-2023-31699 Step...
ChurchCRM 4.5.4 Cross Site Scripting
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...
[SECURITY] Fedora 37 Update: rust-below-0.6.3-4.fc37
below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...
Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection (CVE-2023-22887)
Summary A CSV Injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-22887 DESCRIPTION: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused ...
CSV Injection
pimcore/customer-management-framework-bundle is vulnerable to CSV Injection. The vulnerability exists because the getExportData function of AbstractExporter.php does not properly escape CSV records in the Firstname, Lastname, Street, Zip & City input fields, which allows an attacker to inject and...
GHSA-MQ3X-QGWX-3RFW Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Impact The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Successful exploitation can lead to impacts such ...
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Impact The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Successful exploitation can lead to impacts such ...
CVE-2023-2629
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
Input validation
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
CVE-2023-2629 Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
Directorist < 7.5.4 - Admin+ LFI
The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. PoC This PoC will work on Linux systems. 1. Navigate to the URL path: /wp-admin/edit.php?posttype=atbizdir=tools=2=/etc/passwd=; 2. You will be presented with the first couple...
CVE-2023-2629
The CVE-2023-2629 entry describes a CSV Injection vulnerability in pimcore/customer-data-framework (GitHub repo) prior to version 3.3.9. The root cause is Improper Neutralization/Escaping of formula elements in CSV exports, notably in fields like Firstname, Lastname, Street, Zip, and City, which ...
WordPress GiveWP Plugin < 2.25.2 Multiple Vulnerabilities
The WordPress plugin...
Fedora: Security Advisory for rust-below (FEDORA-2023-cc21019773)
The remote host is missing an update for the...
Spartacus - DLL Hijacking Discovery Tool
Why "Spartacus"? If you have seen the film Spartacus from 1960, you will remember the scene where the Romans are asking for Spartacus to give himself up. The moment the real Spartacus stood up, a lot of others stood up as well and claimed to be him using the "I AM SPARTACUS" phrase. When a proces...
Cross-site Scripting and CSP Bypass in app.diagrams.net
Description The application allows the user to import a CSV template into the schema, but does not clean the input from the columns resulting in any javascript code being executed. Proof of Concept Example CSV import. Use for comments and for configuration. Paste CSV below. The following names ar...