2 matches found
CVE-2020-5299
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
CVE-2020-5299
OctoberCMS (composer package october/october) versions 1.0.319–1.0.465 are vulnerable to CSV injection via data that can be exported through the ImportExportController. The root cause is data that can be controlled by an attacker being exported and then opened in vulnerable spreadsheet software, ...