Lucene search
5079 matches found

RedhatCVE
added 2025/05/22 5:42 p.m. | 6 views

CVE-2020-5298

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...

4.8 CVSS | 5.9 AI score | 0.00909 EPSS
Exploits 3 | References 1

RedhatCVE
added 2025/05/22 5:36 p.m. | 7 views

CVE-2020-9200

There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

7.8 CVSS | 7 AI score | 0.00309 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:35 p.m. | 12 views

CVE-2020-9347

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external...

9.8 CVSS | 7.2 AI score | 0.07794 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:35 p.m. | 11 views

CVE-2020-9466

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection...

6.1 CVSS | 7 AI score | 0.01318 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 5:34 p.m. | 7 views

CVE-2020-9205

There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to...

4.9 CVSS | 7 AI score | 0.00624 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:11 p.m. | 7 views

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

9.8 CVSS | 7.8 AI score | 0.71135 EPSS
Exploits 5 | References 1

RedhatCVE
added 2025/05/22 5:10 p.m. | 6 views

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

10 CVSS | 6.9 AI score | 0.78141 EPSS
Exploits 3

RedhatCVE
added 2025/05/22 5:1 p.m. | 8 views

CVE-2020-26507

A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into th...

9.3 CVSS | 8 AI score | 0.01 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:54 p.m. | 8 views

CVE-2020-9372

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input in fields such as Description or Name in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabcappointments.php. The attacker could achieve...

7.8 CVSS | 7.8 AI score | 0.08612 EPSS
Exploits 5 | References 1

RedhatCVE
added 2025/05/22 4:50 p.m. | 6 views

CVE-2020-7947

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

9.8 CVSS | 7.1 AI score | 0.02842 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:42 p.m. | 8 views

CVE-2020-5299

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...

5.1 CVSS | 6.8 AI score | 0.01002 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 4:39 p.m. | 9 views

CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...

8 CVSS | 7 AI score | 0.01207 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:32 p.m. | 10 views

CVE-2020-24707

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...

9.3 CVSS | 6.9 AI score | 0.01313 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:22 p.m. | 6 views

CVE-2020-35382

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user...

7.2 CVSS | 8.2 AI score | 0.01028 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:10 p.m. | 19 views

CVE-2020-22275

Easy Registration Forms ER Forms WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable...

8.8 CVSS | 6.7 AI score | 0.02144 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:10 p.m. | 6 views

CVE-2020-11548

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...

9.8 CVSS | 8.1 AI score | 0.05175 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:2 p.m. | 6 views

CVE-2020-22274

JomSocial Joomla Social Network Extension 4.7.6 allows CSV injection via a customer's profile...

9.8 CVSS | 7.2 AI score | 0.01608 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 3:52 p.m. | 7 views

CVE-2020-10460

admin/include/operations.php via admin/email-harvester.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...

4.9 CVSS | 6.9 AI score | 0.01078 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 3:49 p.m. | 9 views

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...

8.8 CVSS | 7.2 AI score | 0.0109 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 3:43 p.m. | 7 views

CVE-2020-9017

LiteCart through 2.2.1 allows CSV injection via a customer's profile...

8 CVSS | 7.2 AI score | 0.01102 EPSS
Exploits 1 | References 1