5078 matches found
CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
DokuWiki 2018-04-22a Greebo Arbitrary Code Execution Vulnerability
DokuWiki version 2018-04-22a Greebo suffers from a CSV formula injection vulnerability that allows for arbitrary code execution. ======================================================================= title: CSV Formula Injection product: DokuWiki vulnerable version: 2018-04-22a "Greebo" and olde...
DokuWiki 2018-04-22a Greebo Arbitrary Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: CSV Formula Injection product: DokuWiki vulnerable version: 2018-04-22a "Greebo" and older versions fixed version: None CVE number: CVE-2018-15474 impact: Medium homepage...
CVE-2018-16308
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...
CVE-2018-16308
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...
Design/Logic Flaw
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...
CVE-2018-16308
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...
CVE-2018-16308
CVE-2018-16308 — CSV Injection in WordPress Ninja Forms is a vulnerability in the Ninja Forms plugin for WordPress, affecting versions before 3.3.14.1. The issue is a CSV injection flaw in the plugin’s handling of form data exported to CSV. The CVSS metrics indicate a high impact when exploited l...
WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability
CSV Injection vulnerability found by Javier Olmedo in WordPress Export Users to CSV plugin versions = 1.1.1. Solution 2018.09.01 - we were unable to find a patched version of this plugin...
Input validation
OPSWAT MetaDefender before v4.11.2 allows CSV injection...
CVE-2018-16275
OPSWAT MetaDefender before v4.11.2 allows CSV injection...
CVE-2018-16275
OPSWAT MetaDefender before v4.11.2 allows CSV injection...
CVE-2018-16275
CVE-2018-16275 affects OPSWAT MetaDefender prior to 4.11.2 and enables CSV injection. The connected sources consistently state the product and version boundary, identifying the vulnerability as CSV injection in that release line. The CVE details do not provide explicit exploit vectors beyond this...
Automattic: Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce
This vulnerability is based on the following exploitation technique: https://blog.ripstech.com/2018/new-php-exploitation-technique/ It is easier to explain this vulnerability by having watched the PoC first: https://www.youtube.com/watch?v=mr3bAOIUwd4 Here is what's happening: 1. Since a valid ph...
WordPress Export Users to CSV Plugin CSV Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Export Users to CSV plugin is used in one of the user data and other metadata exported to a CSV file plugin. A CSV...
WordPress Export Users to CSV Plugin <= 1.1.1 CSV Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112370";...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
Design/Logic Flaw
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...