5078 matches found
CVE-2019-20184
KeePass 2.4.1 allows CSV injection in the title field of a CSV export...
Design/Logic Flaw
KeePass 2.4.1 allows CSV injection in the title field of a CSV export...
CVE-2019-20180
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...
Design/Logic Flaw
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users...
CVE-2019-20184
CVE-2019-20184 affects KeePass 2.4.1 and concerns CSV injection in the title field of a CSV export. The connected documents consistently describe this issue for KeePass 2.4.1, but do not provide specifics on the root cause beyond classifying it as a CSV injection vulnerability, nor details on aff...
CVE-2019-20180
The CVE-2019-20180 entry concerns the WordPress TablePress plugin, version 1.9.2. The documented issue is a CSV injection in tablepress[data] that can be triggered by Editor users when exporting data, with the underlying claim that the vulnerability arises from how CSV is opened by the target app...
WordPress WooCommerce - Store Exporter plugin <= 2.3.1 - CSV Injection vulnerability
CSV Injection vulnerability found by Vishnupriya Ilango (FortiGuard Labs) in WordPress WooCommerce - Store Exporter plugin versions <= 2.3.1. Solution: Update the WordPress WooCommerce - Store Exporter plugin to the latest available version (at least 2.4)...
WooCommerce - Store Exporter < 2.4 - CSV Injection
A CSV Injection vulnerability was discovered in WooCommerce - Store Exporter v 2.3.1. It allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible command/code execution...
PT-2020-10361 · Tablepress · Tablepress
Name of the Vulnerable Software and Affected Versions: TablePress plugin version 1.9.2. Description: The issue allows tablepress[data] CSV injection by Editor users. This could potentially lead to malicious actions when the CSV file is opened by an application. Note that the vendor disputes this...
WordPress Import Users From CSV with Meta plugin 1.15 - Unauthorised Authenticated Users Export vulnerability
Unauthorised Authenticated Users Export vulnerability found in WordPress Import Users From CSV with Meta plugin version 1.15. Solution: Update WordPress Import Users From CSV with Meta plugin to the latest available version (at least 1.15.0.1)...
Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export
The exportuserscsv function, registered as an authenticated AJAX call that allows exporting users, was missing the authorisation/capability check. A CSRF check was in place, reducing the severity of the issue. Only version 1.15 seems to be affected, as the export functionality is a new feature...
PT-2019-6281 · WordPress · Wp Users Exporter
Name of the Vulnerable Software and Affected Versions: WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2 Description: The issue is related to CSV Injection via the 'Export Users' functionality, allowing authenticated attackers to embed untrusted input into profile...
Security Bulletin: CSV Injection (CVE-2019-4490)
Summary: Maliciously crafted data in UCD could generate a malicious CSV download file, when opened with certain unpatched 3rd party tools. Vulnerability Details: CVEID: CVE-2019-4490 DESCRIPTION: CVSS Base score: 7.8 CVSS Temporal Score: See:...
CVE-2019-13181
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7...