5078 matches found
CVE-2022-44830
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2022-44830
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
Input validation
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2022-3600
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3634
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection...
CVE-2022-3634
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection...
Design/Logic Flaw
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection...
Design/Logic Flaw
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-44830
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
WordPress ProfileGrid CSV Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
PT-2022-23316 · WordPress · Contact Form 7 Database Addon
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Database Addon WordPress plugin versions prior to 1.2.6.5 Description: The issue concerns the Contact Form 7 Database Addon WordPress plugin, which does not validate data when outputting it back in a CSV file. This could lead t...
CVE-2022-3634 Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection...
PT-2022-23098 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads WordPress plugin versions prior to 3.1.0.2 Description: The issue concerns the lack of data validation when outputting to a CSV file, potentially leading to CSV injection. This could allow malicious data to be injected...
CVE-2022-3600 Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3600
The CVE-2022-3600 vulnerability affects the Easy Digital Downloads WordPress plugin prior to version 3.1.0.2. The issue is that the plugin does not validate data when exporting to CSV, enabling CSV/formula injection. Impact is described as potentially enabling injection in CSV files opened by use...
CVE-2022-3600 Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection...
WordPress plugin Contact Form 7 Database Addon 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
CVE-2022-44830
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2022-44830
Summary: CVE-2022-44830 affects Sourcecodester Event Registration App v1.0. The vulnerability is a set of CSV injection flaws in the First Name, Contact, and Remarks fields that can be exploited to execute arbitrary code via a crafted Excel file. The connected documents consistently describe thes...
CVE-2022-3634
Affects WordPress Contact Form 7 Database Addon plugin for WordPress (versions prior to 1.2.6.5). The vulnerability arises because the plugin does not validate data when exporting to CSV, enabling CSV injection. CVSS v3.1 base score 9.8 (CRITICAL). Remediation: update to version 1.2.6.5 or later....