CVE-2021-24016
Fortinet FortiManager vulnerability CVE-2021-24016: An improper neutralization of formula elements in policy-name CSV/Excel fields can lead to arbitrary shell commands when a crafted IPv4 field is included and the exported configuration file is opened unsafely. Affected are FortiManager 6.4.3 and...
CVE-2021-41824
Craft CMS before 3.7.14 allows CSV injection...
Design/Logic Flaw
Craft CMS before 3.7.14 allows CSV injection...
CVE-2021-41824
Craft CMS before version 3.7.14 is vulnerable to CSV injection via export functionality. The root cause is lack of input sanitization/escaping when exporting data to CSV, allowing crafted input to trigger payloads in CSV readers (e.g., Excel). Affected software is Craft CMS (core) with CSV export...
CVE-2021-25960
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
Input validation
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
CVE-2021-25960 SuiteCRM - CSV Injection in Accounts Module
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the...
CVE-2021-25960
CVE-2021-25960 applies to SuiteCRM versions 7.10.29–7.10.31 and 7.11.18–7.11.19, which are affected by a CSV Injection (Formula Injection) in the accounts module. A low-privilege user can inject payloads into input fields; when an administrator exports data to CSV via the accounts module and open...
SuiteCRM injection vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has an injection vulnerability: it is affected by CSV injection (formula injection). A low-privileged attacker could use the Account module to inject a payload int...
CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
Input validation
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
CVE-2021-41390
Ericsson ECM prior to 18.0 contains a CSV injection vulnerability in the Security Provider Endpoint of the User Profile Management section (CVE-2021-41390). The issue is documented across multiple sources (NVD, Red Hat advisory, CVE list, CNNVD). The provided materials consistently describe the a...
The vulnerability of the export report function implementation in Centreon software for IT infrastructure monitoring allows a hacker to execute arbitrary SQL commands.
The vulnerability of the software’s reporting export function for IT infrastructure monitoring in Centreon relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using the script...
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...
ODBParser - OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing
ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenance OR to query databases you have permission to access! PLEASE USE RESPONSIBLY What is this? Wrote this as wanted to create...