323 matches found
CVE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...
CVE-2011-0791
Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export...
CVE-2022-31134
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...
PT-2026-1709
Name of the Vulnerable Software and Affected Versions Contact Form vCard Generator versions up to and including 2.4 Description The Contact Form vCard Generator plugin for WordPress has a flaw where a missing capability check on the wp gvccf check download request function allows unauthorized...
EUVD-2023-60217
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53929
Summary: CVE-2023-53929 affects phpMyFAQ 3.1.12. The vulnerability arises in the user data export workflow: an authenticated user can place CSV-injection payloads (e.g., calc|a!z|) in their profile name, which can trigger code execution when an administrator exports user data as CSV. Affected sof...
CVE-2023-53905 ProjectSend r1605 CSV Injection via User Account Export Functionality
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...
CVE-2025-60912
phpIPAM v1.7.3 contains a Cross-Site Request Forgery CSRF vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...
CVE-2025-13606
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
EUVD-2025-200180
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...
WordPress Chamber Dashboard Business Directory plugin unauthorized data export vulnerability
WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...
PT-2025-48014
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash watch for export function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...
CVE-2022-50589 SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...
CVE-2025-62720
CVE-2025-62720 affects the LinkAce self-hosted archive. The vulnerability lies in the ExportController HTML/CSV export paths, which retrieve all links without applying ownership or visibility filtering, enabling any authenticated user to exfiltrate private links from all users. Affected versions ...
PT-2025-45055
Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.4.0 Description LinkAce is a self-hosted archive for website links. Versions 2.3.1 and below permit any authenticated user to export the complete database of links, including private links intended only for their...
CVE-2020-36867
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...
EUVD-2025-35834
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebytechatbotexportmessages' function. This makes it possible for...
CVE-2025-48428
Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...
CVE-2025-60852
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system...
CVE-2025-10638
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...