CVE-2020-28845
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, thus leading to compromise of the admin's system...
Design/Logic Flaw
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, thus leading to compromise of the admin's system...
CVE-2020-28845
CVE-2020-28845 involves a CSV injection vulnerability in Netskope Admin portal (version 75.0). An unauthenticated attacker can inject a malicious payload via the admin UI, potentially compromising the administrator’s system. Metrics from NVD indicate high impact across confidentiality, integrity,...
CVE-2020-28845
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, thus leading to compromise of the admin's system...
WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability
CSV Injection vulnerability found by Mohamad Pishdar in WordPress weForms plugin versions <= 1.4.7. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...
WordPress Import and export users and customers plugin <= 1.16.3.5 - CSV Injection vulnerability
CSV Injection vulnerability found by Mohamad Pishdar cert.ikiu.ac.ir in WordPress Import and export users and customers plugin versions <= 1.16.3.5. Solution Update the WordPress Import and export users and customers plugin to the latest available version at least 1.16.3.5...
WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability
CSV Injection vulnerability found by Mohamad Pishdar cert.ikiu.ac.ir in WordPress Easy Registration Forms plugin versions <= 2.0.6. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...
Import and export users and customers < 1.16.3.6 - CSV Injection
The plugin did not validate or sanitise user data, such as first and last names from the profile, leading to a CSV injection when the data is exported by an administrator...
Easy Registration Forms <= 2.0.6 - CSV Injection
Easy Registration Forms ER Forms WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...
weForms < 1.6.4 - CSV Injection
The plugin allows CSV injection via a form's entry...
Netskope Injection Vulnerability
Netskope is a threat protection gateway for cloud environments from US-based Netskope. An injection vulnerability exists in Netskope version 75.0, which stems from a CSV injection vulnerability that can be exploited by an attacker to inject a malicious payload into an administrator's portal,...
SuiteCRM CSV Injection Vulnerability
SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
SQL injection
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
CVE-2020-15301
SuiteCRM is affected by a CSV Injection vulnerability (Formula Injection) in the Accounts module. OSV records describe affected versions v7.11.18–v7.11.19 and v7.10.29–v7.10.31, where a low-privileged attacker can inject payloads into input fields; when an administrator exports data to CSV from t...
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
PT-2020-14342 · Salesagility · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.14 Description: The issue allows for CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. This occurs due to mishandling of these fields during a Download Import Fi...
[0day] AIT CSV Import / Export <= 3.0.3 - Unauthenticated Arbitrary File Upload
The WPScan research team discovered an active exploitation attempt against a 0day vulnerability within the premium AIT CSV Import / Export WordPress plugin within our honeypot logs. The honeypot log showed a GET request to the following file:...
WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability found by Ryan WPScan in WordPress AIT CSV Import / Export plugin versions <= 3.0.3. Solution 2020-11-13 - we were unable to find a patched version of this plugin...