5078 matches found

OSV
added 2022/06/13 1:15 p.m. | 3 views

CVE-2022-1800

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

CVSS 7.2 | AI score 7.2 | EPSS 0.0124
Exploits 2 | References 1
ATTACKERKB
added 2022/06/13 1:15 p.m. | 3 views

CVE-2022-1800

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

CVSS 7.2 | AI score 7.2 | EPSS 0.0124
Exploits 2 | References 2
ATTACKERKB
added 2022/06/13 1:15 p.m. | 6 views

CVE-2022-1202

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

CVSS 7.8 | AI score 7.2 | EPSS 0.00965
Exploits 2 | References 2
OSV
added 2022/06/13 1:15 p.m. | 2 views

CVE-2022-1202

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

CVSS 7.8 | AI score 5.8 | EPSS 0.00965
Exploits 2 | References 1
NVD
added 2022/06/13 1:15 p.m. | 22 views

CVE-2022-1202

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

CVSS 7.8 | EPSS 0.00965
Exploits 2 | References 1
Prion
added 2022/06/13 1:15 p.m. | 13 views

Input validation

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

CVSS 6.8 | AI score 7.7 | EPSS 0.00965
Exploits 2 | References 1 | Affected Software 1
Cvelist
added 2022/06/13 12:43 p.m. | 11 views

CVE-2022-1800 Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

AI score 7.6 | EPSS 0.0124
Exploits 2 | References 1
CVE
added 2022/06/13 12:43 p.m. | 85 views

CVE-2022-1800

CVE-2022-1800 affects the WordPress plugin “Export any WordPress data to XML/CSV” versions prior to 1.3.5. The root cause is unsanitized use of the POST parameter cpt in a database query during export, which leads to SQL injection. Multiple sources (Red Hat, CNVD, CVE/NVD listings, WPVulnDB, Patc...

CVSS 7.2 | AI score 7.2 | EPSS 0.0124
Exploits 2 | References 1 | Affected Software 1
CVE
added 2022/06/13 12:41 p.m. | 66 views

CVE-2022-1202

Summary of CVE-2022-1202: The WP-CRM WordPress plugin, up to version 1.2.1, does not validate or sanitize fields when exporting people to CSV, enabling a CSV injection vulnerability. The root cause is inadequate input validation during CSV export, allowing crafted values in fields such as Displa...

CVSS 7.8 | AI score 7.7 | EPSS 0.00965
Exploits 2 | References 1 | Affected Software 1
Cvelist
added 2022/06/13 12:41 p.m. | 22 views

CVE-2022-1202 WP-CRM <= 1.2.1 - CSV Injection

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

AI score 8 | EPSS 0.00965
Exploits 2 | References 1
CNNVD
added 2022/06/13 12:0 a.m. | 3 views

WordPress plugin WP-CRM security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP-CRM plugin version 1.2.1 and earlier versions are vulnerable to a CSV injection...

CVSS 7.8 | AI score 5.7 | EPSS 0.00965
Exploits 2 | References 2
CNNVD
added 2022/06/13 12:0 a.m. | 4 views

WordPress plugin Export any WordPress data to XML/CSV SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.2 | AI score 6.2 | EPSS 0.0124
Exploits 2 | References 3
Huntr
added 2022/06/11 9:8 a.m. | 22 views

Formula Injection Part Description

Description: Formula Injection/CSV Injection in inventree due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept: Video PoC link: https://drive.google.com/file/d/1mfBTUDS1iZ4uJfBpc568WgpdZdN5f/view?usp=sharing...

CVSS 6.8 | AI score 0.8 | EPSS 0.0234
Exploits 2 | References 1
NVD
added 2022/06/09 5:15 p.m. | 19 views

CVE-2022-2027

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0...

CVSS 8 | EPSS 0.01124
Exploits 1 | References 2
Prion
added 2022/06/09 5:15 p.m. | 9 views

Input validation

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0...

CVSS 3.5 | AI score 7.8 | EPSS 0.01124
Exploits 1 | References 2 | Affected Software 1
CVE
added 2022/06/08 8:35 a.m. | 53 views

CVE-2022-2027

CVE-2022-2027 concerns the GitHub project kromitgmbh/titra and describes a vulnerability in how CSV files are handled. The root cause is improper neutralization of formula elements in CSV content, enabling a potential CSV/Formula Injection. Affected versions are those prior to 0.77.0; the vulner...

CVSS 8 | AI score 7.9 | EPSS 0.01124
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2022/06/08 8:35 a.m. | 24 views

CVE-2022-2027 Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0...

CVSS 8 | AI score 8.1 | EPSS 0.01124
Exploits 1 | References 2
OSV
added 2022/06/08 8:35 a.m. | 16 views

CVE-2022-2027 Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0...

CVSS 8 | AI score 8 | EPSS 0.01124
Exploits 1 | References 4
Patchstack
added 2022/06/07 12:0 a.m. | 15 views

WordPress Export any WordPress data to XML/CSV plugin <= 1.3.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Export any WordPress data to XML/CSV plugin versions <= 1.3.5. Solution: Update the WordPress Export any WordPress data to XML/CSV plugin to the latest available version (at least 1.3.6)...

AI score 2.4
Exploits 0 | References 1 | Affected Software 1
Huntr
added 2022/06/03 12:37 p.m. | 33 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description: Formula Injection/CSV Injection in "Task" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept: 1. Click on plus track button 2. Under the task input field enter the payloads =1+1 3. Now enter the work hour as 2 4. Then click on save 5. Now go to details and...

CVSS 3.5 | AI score 0.5 | EPSS 0.0234
Exploits 2 | References 1