Design/Logic Flaw
CSV Injection aka Excel Macro Injection or Formula Injection exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file...
CVE-2021-43515
CSV Injection aka Excel Macro Injection or Formula Injection exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file...
CVE-2021-43515
CVE-2021-43515 corresponds to a CSV Injection vulnerability in Kimai 2. The issue arises when creating a new timesheet and entering a payload in the Description field; during CSV export, this input is not sanitized and can be interpreted by spreadsheet programs (e.g., Excel) as formulas or comman...
Odin - Central IoC Scanner Based On Loki
Odin is a central IoC scanner based on Loki. General Info: This application downloads the latest version of Loki onto all machines using a PowerShell script and runs it; the app then receives the response from all machines and parses the feed in CSV form. Requirements: 1. Python 3.5+ 2. PyQT5 3. psutil 4...
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File
Description: Formula Injection/CSV Injection in "Firstname" & "Lastname" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept: 1. Go to Preferences from the user account and, in the Personal info fields "Firstname" & "Lastname", insert the payloads below. 2. Payloads:-...
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens an .xlsx log file...
Input validation
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens an .xlsx log file...
CVE-2022-23868
CVE-2022-23868 affects RuoYi v4.7.2 via the ruoyi-admin interface, describing a CSV injection vulnerability when a victim opens an .xlsx log file. The connected Red Hat entry corroborates the same product/version. The CVSS 3.1 base score is 7.8 (HIGH) with LOCAL attack vector, user interaction required, and...
CSZ CMS 1.2.9 - Multiple Blind SQL injection (Authenticated) Vulnerability
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLi (Authenticated) Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP 7.4.16, Apache...
CSZ CMS 1.2.9 SQL Injection
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQL Injection Authenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali...
CSZ CMS 1.2.9 - 'Multiple' Blind SQLi (Authenticated)
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLi (Authenticated) Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP...
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
Design/Logic Flaw
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc
Scrape and download useful information from TikTok. No login or password is required. This is not an official API and is not supported as such; it is just a scraper that uses the TikTok Web API to scrape media and related meta information. Important notes: As of right now it is NOT possible to download video...
CVE-2022-26249
Survey King v0.3.0 is affected by a CSV/Excel export data-filtering flaw that allows injection of data into exported files, enabling arbitrary code execution or access to sensitive information. The issue arises from improper data filtering during Excel export (CSV injection vector), as described ...
Survey King Security Vulnerability
Survey King is one of the most powerful, beautiful and easy-to-install open source survey questionnaire systems from the individual developers of Survey King in China. A security vulnerability exists in Survey King version v0.3.0, which stems from the application not properly filtering data when...
WordPress Export All URLs plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Export All URLs plugin prior to 4.2, which stems from the plugin's failu...