Design/Logic Flaw
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports...
Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection
The plugin was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Attackers can possibly exploit this issue to execute arbitrary commands on the victim's system, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected...
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
The plugin did not check for user capability in the dmmexportdonations function, allowing any authenticated user to export a CSV file containing all donors' personal information. GET /wp-admin/admin-post.php?action=dmmexport...
phpList CSV Injection Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A CSV injection vulnerability exists in phpList 3.6.0 related to the email parameter and /lists/admin/ export. No detailed vulnerability details are provided at this time...
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
The plugin did not check for user capability in the dmmexportdonations function, allowing any authenticated user to export a CSV file containing all donors' personal information. PoC GET /wp-admin/admin-post.php?action=dmmexport...
CVE-2021-3188
CVE-2021-3188 affects phpList 3.6.0. The vulnerability is a CSV injection issue tied to the email parameter and exports under /lists/admin/, with the CVE described as enabling CSV injection. The available data confirms the affected software and the general class of vulnerability (CSV injection) b...
CVE-2021-3188
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports...
PT-2021-19562 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phpList version 3.6.0 Description: The issue allows for CSV injection, related to the email parameter, and affects the /lists/admin/ endpoint. Recommendations: For phpList version 3.6.0, consider restricting access to the /lists/admin/ endpoi...
GHSA-29V9-2FPX-J5G9 CSV Injection vulnerability with exported contact lists in Mautic
Impact Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSVInjection. Patches Update to 2.13.0 or later. Workarounds None. For more information If you have any questions or comments about this advisory:...
CSV Injection vulnerability with exported contact lists in Mautic
Impact Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSVInjection. Patches Update to 2.13.0 or later. Workarounds None. For more information If you have any questions or comments about this advisory:...
301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection
The plugin does not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. The PoC video provided mentioned 2.53 as vulnerable, however v2.45 was installed and used. The issue has been verified to have been fixed in 2.51 PoC POST...
VulnCheck KEV: CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
The AIT CSV Import/Export plugin use exploit/multi/http/wpaitcsvrce msf exploitwpaitcsvrce show targets ...targets... msf exploitwpaitcsvrce set TARGET msf exploitwpaitcsvrce show options ...show and set options... msf exploitwpaitcsvrce exploit This module requires Metasploit:...
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress AIT CSV Import Export Unauthenticated Remote Code Execution', 'Description' = %q The AIT CSV Import/Export plugin MSFLICENSE, 'Author' ...
WordPress AIT CSV Import/Export 3.0.3 Shell Upload Exploit
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however t...
CVE-2020-36849
creationtimestamp| type| source
---|---|---
2021-01-11 21:43:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wpaitcsvrce.rb
2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7
2026-05-25 09:12:17+00:00| seen|...
Exif-Gps-Tracer - A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset
A Python script which allows you to parse GeoLocation data from your Image files stored in a dataset. It also produces output in CSV file and also in HTML Google Maps Prerequisite To run this script fluently, 1 You should have Google Maps API 2 You should enable Map JavaScript API in Console To g...
dnsrecon 0.10.0 CSV Injection
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...
dnsrecon 0.10.0 - CSV Injection
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...