Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name field...
Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. PoC: Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name...
WordPress Mobile Events Manager Plugin <= 1.4.7 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Varun thorat in Mobile Events Manager versions <= 1.4.7. Solution: Update the WordPress Mobile Events Manager plugin to the latest available version, at least 1.4.8...
WordPress Affiliates Manager Plugin <= 2.9.13 - CSV Injection vulnerability
CSV Injection vulnerability discovered by WPScan in Affiliates Manager versions <= 2.9.13. Solution: Update the WordPress Affiliates Manager plugin to the latest available version, at least 2.9.14...
Affiliates Manager < 2.9.14 - Affiliate CSV Injection
The plugin does not validate and sanitise the affiliate data, which could allow users registering as affiliates to perform CSV injection attacks against an admin exporting the data. PoC: Register as an affiliate and put the following payload in the Firstname, Lastname or Company fields: =10+2+30 As...
Affiliates Manager < 2.9.14 - Affiliate CSV Injection
The plugin does not validate and sanitise the affiliate data, which could allow users registering as affiliates to perform CSV injection attacks against an admin exporting the data. Register as an affiliate and put the following payload in the Firstname, Lastname or Company fields: =10+2+30 As admi...
Slack: CSV export/import functionality allows administrators to modify member and message content of a workspace
On August 6th, 2022 @security-warrior submitted a report in HackerOne to Slack regarding the CSV export/import functionality primarily used by administrators to merge workspaces. The report centers on the ability of an administrator to modify an export to change user or message content. Upon...
WordPress Import users from CSV with meta Plugin < 1.14.2.2 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:codection:importusersfromcsvwithmeta"; ifdescription...
CVE-2021-43959
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment...
Server side request forgery (ssrf)
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment...
SSRF via CSV import into JSM Insight - CVE-2021-43959
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment...
CVE-2022-2240
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it...
CVE-2022-1539
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection through the Microsoft Excel DDE function, or to data leakage via maliciously injected hyperlinks...