5078 matches found
CVE-2020-22277
The CVE-2020-22277 issue affects the WordPress plugin “Import and export users and customers” (versions up to 1.15.5.11; through 1.16.3.5 per Patchstack entry). The root cause is CSV injection via profile data exported by an administrator, caused by insufficient validation/sanitization of user data...
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile...
CVE-2020-22276
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry...
CVE-2020-22276
The CVE-2020-22276 affects the WeForms WordPress plugin, version 1.4.7, which is vulnerable to CSV injection via a form entry. The CVSS data in the record shows a high severity (CVSS v3.1 base score 9.8, CRITICAL) with network attack vector, no authentication, and no user interaction required, im...
CVE-2020-22278
Summary (CVE-2020-22278): phpMyAdmin up to 5.0.2 is listed as vulnerable to a CSV injection via the Export feature. The description notes the vendor disputes this claim by stating that the CSV is generated from database contents (i.e., the data itself, not the export process, is called out). The ...
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...
CVE-2020-27358
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...
CSV Injection
tendenci is vulnerable to CSV injection. The Contact Us feature allows an attacker to inject arbitrary CSV formulas and code, which would execute when a user exports the data to a CSV file...
CVE-2020-27358
CVE-2020-27358 affects REDCap 8.11.6 through 9.x before 10. The Messenger CSV export feature is vulnerable to an access-control bypass: non-privileged users can exfiltrate another user’s conversation threads by altering thread_id in the request to Messenger/messenger_download_csv.php?title=Hey&th...
Gophish CSV Injection Vulnerability
Gophish is a powerful open source phishing framework. A CSV injection vulnerability exists in Gophish versions prior to 0.11.0. No detailed vulnerability details are provided at this time...
CVE-2020-24707
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...
Code injection
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...
CVE-2020-24707
Gophish (before 0.11.0) is affected by a CSV injection vulnerability: it allows creation of CSV sheets containing malicious content. The issue is documented across multiple sources, with remediation to upgrade to v0.11.0 (see references to v0.11.0 release).
CVE-2020-15255
In Anuko Time Tracker before version 1.19.23.5325, due to not properly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
Input validation
In Anuko Time Tracker before version 1.19.23.5325, due to not properly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...
CVE-2020-15255 CSV injection in Anuko Time Tracker
In Anuko Time Tracker before version 1.19.23.5325, due to not properly filtered user input, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software, for example when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...