5078 matches found
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
Design/Logic Flaw
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2023-25348
CVE-2023-25348 concerns ChurchCRM 4.5.3. The vulnerability is a CSV injection in the Last Name and First Name fields when creating a new person, allowing an attacker to trigger arbitrary code execution via a crafted Excel file. The available metrics indicate a HIGH impact with a LOCAL attack vect...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
Input validation
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
PT-2023-18564 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of formula elements in a CSV file. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: For versions...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258
CVE-2023-2258 affects the Alf.io/alfio-event backend. The flaw is improper neutralization of formula elements in CSV files generated by alf.io, leading to potential CSV Injection when exporting attendee data. The issue impacts versions prior to 2.0-M4-2304 . Connected docs confirm a backend CSV-i...
WordPress ReviewX Plugin <= 1.6.7 is vulnerable to CSV Injection
Software ReviewX Type Plugin Vulnerable versions = 1.6.7 Fixed in 1.6.8 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-46809 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID 546a17e1f49d Credits Mika Required privilege Unauthenticated Published 13 Apri...
WordPress plugin Metform Elementor Contact Form Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...
CVE-2022-43771
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...
CVE-2022-43771 Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds...
CVE-2022-43771
CVE-2022-43771 summary : Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, are affected by a path traversal flaw in the Pentaho Data Access plugin. The vulnerability arises from an exposed service endpoint for CSV import that accepts a user-su...