Design/Logic Flaw
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...
CVE-2021-37702
Pimcore CVE-2021-37702 affects Pimcore before version 10.1.1, where Data Object CSV import allows formula injection. The issue is fixed in 10.1.1; remediation options include upgrading to 10.1.1 or applying the patch manually. The vulnerability stems from improper handling in CSV import that can ...
CVE-2021-37702 Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...
CVE-2021-20509
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...
Input validation
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243...
CVE-2021-20509
CVE-2021-20509 affects IBM Maximo Asset Management core product versions 7.6.0.x and 7.6.1.x. Root cause: improper validation of CSV file contents, enabling CSV Injection that could allow a remote attacker to execute arbitrary commands on the system. Remediation: IBM’s bulletin provides fixes (In...
IBM Maximo Asset Management CSV Injection Vulnerability (CNVD-2021-88198)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. IBM Maximo Asse...
CVE-2021-33256
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...
Design/Logic Flaw
DISPUTED A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts...
CVE-2021-33256
CVE-2021-33256 affects ManageEngine ADSelfService Plus 6.1 Build 6101. Multiple sources describe a CSV injection on the login panel, where the unauthenticated user can trigger a vulnerability via the j_username parameter, potentially enabling a reverse shell when a privileged user exports the Use...
PT-2021-20095 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus version 6.1 Build No: 6101 Description: A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus can be exploited by an unauthenticated user. The j_username parameter seems to be...
Zoho ManageEngine ADSelfService Plus Security Vulnerability
ZOHO ManageEngine ADSelfService Plus is a web-based end-user password management software from ZOHO, Inc. A CSV injection vulnerability exists in ZOHO ManageEngine ADSelfService Plus, which can be exploited by attackers to obtain a reverse shell...
Welcart e-Commerce < 2.2.8 - Unauthenticated Information Disclosure
The plugin did not have proper capability check in some of its functions, which could allow unauthenticated users to download the list of members, products and orders in CSV format...
Centreon SQL Injection Vulnerability
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring of network, system and application resources. A SQL injection vulnerability exists in Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. An...
Insecure Access Control
directmailteam/direct-mail uses insecure access controls. The extension fails to check if an authenticated backend user has access to newsletter subscriber tables, e.g. tt_address, fe_users, when using the CSV export function of the extension...
CVE-2021-22771
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...