
30 matches found

Prion
added 2022/04/19 3:15 p.m., 17 views

Input validation

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...

CVSS: 9.3, AI score: 8.8, EPSS: 0.01393
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2022/04/19 2:57 p.m., 75 views

CVE-2022-29315

CVE-2022-29315: Invicti Acunetix before 14 is affected by a CSV injection vulnerability. The issue arises when exporting CSV and using the Description field on the Add Targets page, allowing injection into exported files. The CVSSv3.1 base score is 8.8 (HIGH) with network attack, no privileges r...

CVSS: 9.3, AI score: 8.8, EPSS: 0.01393
Exploits: 1, References: 1, Affected Software: 1

ATTACKERKB
added 2022/04/12 12:15 p.m., 5 views

CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

CVSS: 9.8, AI score: 7.9, EPSS: 0.0265
Exploits: 1, References: 3

ATTACKERKB
added 2021/04/13 3:17 p.m., 3 views

CVE-2021-23372

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

CVSS: 7.5, AI score: 5.3, EPSS: 0.00878
Exploits: 0, References: 2

Prion
added 2019/09/09 9:15 p.m., 14 views

Input validation

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file...

CVSS: 7.5, AI score: 9.4, EPSS: 0.01711
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/10/13 12:00 a.m., 3 views

WordPress cp-contact-form-with-paypal plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on servers running PHP and MySQL. cp-contact-form-with-paypal (also known as the CP Contact Form with PayPal plugin) is one of its payment plugins. A cross-site...

CVSS: 8.8, AI score: 8.3, EPSS: 0.01012
Exploits: 0, References: 1

WPVulnDB
added 2014/08/01 12:00 a.m., 15 views

Participants Database < 1.5.4.9 - Unauthenticated SQL Injection

The Participants Database WordPress plugin was affected by an Unauthenticated SQL Injection vulnerability via the query parameter of the export CSV action...

CVSS: 7.5, AI score: 4.1, EPSS: 0.05798
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2014/06/04 2:55 p.m., 24 views

CVE-2014-3961

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/...

CVSS: 7.5, AI score: 8.4, EPSS: 0.05798
Exploits: 1, References: 7

Prion
added 2014/06/04 2:55 p.m., 19 views

SQL injection

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/...

CVSS: 7.5, AI score: 9.1, EPSS: 0.05798
Exploits: 1, References: 7, Affected Software: 1

ATTACKERKB
added 2012/08/31 9:55 p.m., 2 views

CVE-2011-5141

Directory traversal vulnerability in exportcsv/exportcsvindex.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an exportpage action...

CVSS: 6, AI score: 5.9, EPSS: 0.01296
Exploits: 1, References: 4