5078 matches found
CVE-2023-49775
Cross-Site Request Forgery CSRF vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8...
CVE-2023-36527
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...
CVE-2023-51763
csvbuilder.rb in ActiveAdmin aka Active Admin before 3.2.0 allows CSV injection...
CVE-2023-2252
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...
CVE-2023-31295
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the User Profile field...
CVE-2023-31296
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows attackers to obtain sensitive information via the User Name field...
CVE-2023-22877
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368...
CVE-2023-22719
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1...
CVE-2023-35899
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...
CVE-2023-5424
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...
CVE-2023-48835
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48830
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export...
CVE-2023-48841
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language Labels Export action...
CVE-2023-48826
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46355
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
CVE-2023-29918
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module...