
5078 matches found

Prion
added 2018/05/01 7:29 p.m. | 14 views

Input validation

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

CVSS 6.5 | AI score 9 | EPSS 0.0719
Exploits: 4 | References: 2 | Affected Software: 1
CVE
added 2018/05/01 7:00 p.m. | 51 views

CVE-2018-10258

Shopy Point of Sale v1.0 is affected by a CSV Injection vulnerability (CVE-2018-10258). A low-privilege user can craft data that, when exported to CSV, executes commands on the system. Exploitation details appear in multiple sources, including PoC steps showing adding =cmd|'/C calc'!A1 to a custo...

CVSS 8.8 | AI score 8.9 | EPSS 0.07553
Exploits: 5 | References: 2 | Affected Software: 1
Cvelist
added 2018/05/01 7:00 p.m. | 30 views

CVE-2018-10257

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

AI score 9 | EPSS 0.04389
Exploits: 4 | References: 2
CVE
added 2018/05/01 7:00 p.m. | 63 views

CVE-2018-10255

CVE-2018-10255 affects clustercoding Blog Master Pro v1.0 with a CSV Injection flaw that lets a user with low privileges inject commands into exported CSVs, potentially enabling code execution. Exploitation details are provided in PoC/articles (e.g., PoC showing commands like cmd|'/C calc'). Root...

CVSS 8.8 | AI score 8.9 | EPSS 0.0719
Exploits: 4 | References: 2 | Affected Software: 1
Cvelist
added 2018/05/01 7:00 p.m. | 20 views

CVE-2018-10258

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

AI score 9 | EPSS 0.07553
Exploits: 5 | References: 2
CVE
added 2018/05/01 7:00 p.m. | 55 views

CVE-2018-10257

CVE-2018-10257 describes a CSV Injection in HRSALE The Ultimate HRM v1.0.2. A low-privilege user can inject a command into CSV exports (e.g., in the First Name field) that becomes part of the downloaded file, potentially leading to code execution. The PoC shows adding =cmd|'/C calc'!A1 in a user’...

CVSS 8.8 | AI score 8.9 | EPSS 0.04389
Exploits: 4 | References: 2 | Affected Software: 1
0day.today
added 2018/05/01 12:00 a.m. | 58 views

WordPress Form Maker 1.12.20 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection CSV Injection Google Dork: N/A Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version: 1.12.20 and...

AI score 0.1 | EPSS 0.04732
Exploits: 5
WPVulnDB
added 2018/05/01 12:00 a.m. | 24 views

Form Maker by WD < 1.12.24 - CSV Injection

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin was affected by a CSV Injection security vulnerability...

CVSS 6.8 | AI score 2.4 | EPSS 0.04732
Exploits: 5 | References: 3 | Affected Software: 1
Packet Storm
added 2018/04/30 12:00 a.m. | 40 views

WordPress Form Maker 1.12.20 CSV Injection

Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version: 1.12.20 and before Category: Plugins and Extensions...

AI score 0.1 | EPSS 0.04732
Exploits: 5
exploitpack
added 2018/04/30 12:00 a.m. | 31 views

WordPress Plugin Form Maker 1.12.20 - CSV Injection

WordPress Plugin Form Maker 1.12.20 - CSV Injection Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version:...

CVSS 6.8 | AI score 0.4 | EPSS 0.04732
Exploits: 5
Exploit DB
added 2018/04/30 12:00 a.m. | 34 views

WordPress Plugin Form Maker 1.12.20 - CSV Injection

Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version: 1.12.20 and before Category: Plugins and Extensions...

CVSS 7.8 | AI score 7.7 | EPSS 0.04732
Exploits: 5
OSV
added 2018/04/27 4:29 p.m. | 1 view

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

CVSS 7.8 | AI score 5.8 | EPSS 0.04732
Exploits: 5 | References: 2
Prion
added 2018/04/27 4:29 p.m. | 10 views

Design/Logic Flaw

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

CVSS 6.8 | AI score 7.8 | EPSS 0.04732
Exploits: 5 | References: 2 | Affected Software: 1
NVD
added 2018/04/27 4:29 p.m. | 26 views

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

CVSS 7.8 | AI score 7.9 | EPSS 0.04732
Exploits: 5 | References: 2
CVE
added 2018/04/27 4:00 p.m. | 65 views

CVE-2018-10504

The CVE-2018-10504 entry concerns the WordPress plugin WebDorado Form Maker by WD, version prior to 1.12.24, which is vulnerable to CSV injection. The root cause is that CSV data exported by the Form Maker form can be crafted to execute commands when opened by a user with sufficient privileges, e...

CVSS 7.8 | AI score 7.8 | EPSS 0.04732
Exploits: 5 | References: 2 | Affected Software: 1
Cvelist
added 2018/04/27 4:00 p.m. | 30 views

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

AI score 7.9 | EPSS 0.04732
Exploits: 5 | References: 2
Prion
added 2018/04/26 6:29 a.m. | 10 views

Code injection

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '<script type="text/javascript" src=' line. Fix released on 2018-03-29...

CVSS 9.3 | AI score 8 | EPSS 0.04103
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2018/04/26 6:29 a.m. | 18 views

Code injection

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. Fix released on 2018-03-28...

CVSS 9.3 | AI score 8 | EPSS 0.04103
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2018/04/26 6:29 a.m. | 1 view

CVE-2018-9113

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '...

CVSS 9.3 | AI score 6.1 | EPSS 0.04103
Exploits: 1 | References: 4
NVD
added 2018/04/26 6:29 a.m. | 9 views

CVE-2018-9113

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '<script type="text/javascript" src=' line. Fix released on 2018-03-29...

CVSS 9.3 | AI score 8 | EPSS 0.04103
Exploits: 1 | References: 3