Code injection
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file...
CVE-2023-24686
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file...
CVE-2023-24686
CVE-2023-24686 affects ChurchCRM v4.5.3 and earlier. The vulnerability resides in the CSV Import function, enabling an attacker to execute arbitrary code by importing a crafted CSV file. The available sources (NVD, RH, OSV, CNVD-style records, CVE feeds) consistently describe the issue as a code-...
PT-2023-1739 · Fortinet · Fortianalyzer
Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 6.4.9; Fortinet FortiAnalyzer versions 7.0.0 through 7.0.5; Fortinet FortiAnalyzer versions 7.2.0 through 7.2.1. Description: The issue is related to the improper neutralization of formula elements i...
WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
Software: WordPress Comments Import & Export; Type: Plugin; Vulnerable versions: <= 2.3.1; Fixed in: 2.3.2; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-45370; Patch priority: Low; CVSS severity: Low 6.1; PSID: aa57ae50e983; Credits: Mika; Required privilege...
WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection
Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.5.2; Fixed in: 5.5.3; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-45810; Patch priority: Low; CVSS severity: Low 6.1; PSID: bc18fb9ece3e; Credits: Mika; Required privilege...
Veeam Backup and Replication Credentials Dump
This module exports and decrypts credentials from Veeam Backup & Replication and Veeam ONE Monitor Server to a CSV file; it is intended as a post-exploitation module for Windows hosts with either of these products installed. The module supports automatic detection of VBR / Veeam ONE and is capabl...
WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection
Software: 1003 Mortgage Application; Type: Plugin; Vulnerable versions: <= 1.75; Fixed in: 1.80; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-45357; Patch priority: Low; CVSS severity: Low 6.1; PSID: aadde6bd0ebf; Credits: Rodrigo Escobar ipax; Required privilege...
WordPress Commenter Emails Plugin <= 2.6.1 is vulnerable to CSV Injection
Software: Commenter Emails; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-45360; Patch priority: Low; CVSS severity: Low 4.7; PSID: 7afa84e72c95; Credits: Mika; Required privilege: Unauthenticated; Published ...
WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection
Software: Posts and Users Stats; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-44738; Patch priority: Low; CVSS severity: Low 5.8; PSID: adb9c8d12136; Credits: Mika; Required privilege: Subscriber; Publishe...
WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection
Software: Simple History; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.4.0; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-45350; Patch priority: Low; CVSS severity: Low 3; PSID: d53822044a90; Credits: ed32.dll; Required privilege: Subscriber; Published 2...
WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection
Software: Noptin; Type: Plugin; Vulnerable versions: <= 1.9.5; Fixed in: 1.10.0; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-46803; Patch priority: Low; CVSS severity: Low 6.1; PSID: 08ef06d5753a; Credits: Mika; Required privilege: Unauthenticated; Published 27...
WordPress Site Reviews Plugin <= 6.2.0 is vulnerable to CSV Injection
Software: Site Reviews; Type: Plugin; Vulnerable versions: <= 6.2.0; Fixed in: 6.4.0; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2022-46801; Patch priority: Low; CVSS severity: Low 6.1; Developer: Gemini Labs; PSID: 909e5b139291; Credits: Mika; Required privilege: Unauthenticated; Published 27...
Get-AppLockerEventlog - Script For Fetching Applocker Event Log By Parsing The Win-Event Log
This script will parse all the event channels in the win-event log to extract all the logs related to AppLocker. The script will gather all the important pieces of information related to the events for forensic or threat-hunting purposes, or even in order to troubleshoot. Here are the log...
ERPGo SaaS 3.9 CSV Injection
Exploit Title: ERPGo SaaS 3.9 - CSV Injection; Date: 18/01/2023; Exploit Author: Sajibe Kanti; CVE ID: ; Vendor Name: RajodiyaInfotech; Vendor Homepage: https://rajodiya.com/; Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426; Version:...
PowerHuntShares - Audit Script Designed To Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains
PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intended to help IAM and other blue teams gain a better understanding of their SMB Share attack surface and provides data insights t...
csv-interact (>=0.0.1 <=1.0.0), jb55-json2csv (>=3.0.0 <=3.1.1) +1 more potentially affected by CVE-2023-26106 via dot-lens (=1.2.3)
dot-lens NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on dot-lens and may be impacted:
- csv-interact >=0.0.1 <=1.0.0
- jb55-json2csv >=3.0.0 <=3.1.1
- tableize-csv-parser =0.0.1
Source cves: CVE-2023-26106
Source advisory: SNYK:JS-DOTLENS-3227646...
CVE-2022-4368
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting...