Format string
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format for example...
Design/Logic Flaw
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...
CVE-2021-24144 Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...
CVE-2021-24146
CVE-2021-24146 affects WordPress Modern Events Calendar Lite (versions before 5.16.5). The flaw is a lack of proper authorization checks: access to exported event files is not restricted, allowing unauthenticated users to retrieve all events data in CSV or XML formats. Affected plugin: Modern Eve...
CVE-2021-24144
The CVE-2021-24144 issue affects the WordPress plugin Contact Form 7 Database Addon (CFDB7). Unvalidated input in CFDB7 prior to version 1.2.5.6 allows injection of arbitrary formulas into CSV exports/files. Affected component: CFDB7 CSV export handling; root cause: input validation weakness lead...
CVE-2021-24146 Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format for example...
WordPress Contact Form 7 Database Addon Injection Vulnerability
WordPress Contact Form 7 Database Addon is an open source application plugin for WordPress. This plugin is used to save Contact Form 7 submissions to your WordPress database. An input validation error vulnerability exists in versions of the Contact Form 7 Database Addon plugin prior to 1.2.5.6,...
Pimcore Local File Inclusion Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. A security vulnerability exists in Pimcore. The...
Genisys - Powerful Telegram Members Scraping And Adding Toolkit
Powerful Telegram Members Scraping and Adding Toolkit. Features: adds in bulk by user id, not by username; scrapes and adds to public groups; works in Windows systems; you can run unlimited accounts at the same time in order to add members; CSV files auto-distributor based on number of accounts to use...
WordPress Newsletter plugin <= 6.5.3 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Fortinet in WordPress Newsletter plugin versions <= 6.5.3. Solution: Update the WordPress Newsletter to the latest available version, at least 6.5.4...
GitLab: RCE via unsafe inline Kramdown options when rendering certain Wiki pages
Summary: When rendering wiki content with certain extensions such as .rmd, render_wiki_content will call other_markup_unsafe, which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, committing the files and...
CVE-2021-21085 Adobe Connect CSV injection via export feature could lead to code execution
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
CVE-2021-27839
A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
Design/Logic Flaw
A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
CVE-2021-27839
CVE-2021-27839 describes a CSV injection vulnerability in Online Invoicing System (OIS) versions 4.3 and earlier. The issue allows authenticated users to inject data via CSV exports that could redirect admins to harmful sites or expose other clients' data. Root cause is CSV injection in OIS's exp...
PrestaShop CSV Injection Vulnerability
PrestaShop is a full-featured, cross-platform, free and open source e-commerce solution designed for web 2.0. A CSV injection vulnerability exists in PrestaShop versions prior to 1.7.2. An attacker can exploit this vulnerability by using the store search keyword in the admin panel to conduct a CS...
CVE-2021-21302
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2...