WordPress plugin CSV Me 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-25858 · WordPress · Csv Me

Name of the Vulnerable Software and Affected Versions: CSV Me plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to insufficient file type validation in the csv me options page function, allowing authenticated attackers with Administrator-level access and...

CVE-2025-49597

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview handcraftedinthealps/goodby-csv is a CSV import/export library Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the wakeup process. An attacker can execute arbitrary code by leveraging a gadget chain if...

handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution

Impact goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application...

CVE-2025-49597

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

CVE-2025-49597 handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

CVE-2025-49597 handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

CVE-2025-49597 handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

CVE-2025-49597

The CVE-2025-49597 entry concerns handcraftedinthealps/goodby-csv prior to version 1.4.3. It describes an insecure deserialization gadget chain that, if an application deserializes untrusted data due to another vulnerability, could be leveraged to achieve remote code execution. The issue is patch...

Handcrafted in the Alps Goodby CSV 安全漏洞

Handcrafted in the Alps Goodby CSV is a Handcrafted in the Alps open source application. A security vulnerability exists in Handcrafted in the Alps Goodby CSV versions prior to 1.4.3, which stems from insecure deserialization and could lead to remote code execution...

PT-2025-25443 · Unknown · Goodby-Csv

Name of the Vulnerable Software and Affected Versions: goodby-csv versions prior to 1.4.3 Description: The issue concerns an insecure deserialization vulnerability in the goodby-csv library, which can be used as part of a "gadget chain" to achieve remote code execution if an application...

WordPress CSV Mass Importer plugin <= 1.2 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin CSV Mass Importer versions = 1.2...

com.github.hazendaz:displaytag (>=2.8.0 <=3.3.0), com.github.hazendaz:displaytag-examples (>=2.8.0 <=3.3.0) +8 more potentially affected by CVE-2025-48734 via org.apache.commons:commons-beanutils2 (=2.0.0-M1)

org.apache.commons:commons-beanutils2 MAVEN version =2.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-beanutils2 and may be impacted: - com.github.hazendaz:displaytag =2.8.0, =2.8.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0,...

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

CVE-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

CVE-2024-41226

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. T...

CVE-2024-28328

CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format...