CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2025/05/22 4:42 p.m.•5 views

CVE-2020-5299

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...

5.1CVSS6.8AI score0.00673EPSS

Exploits2References1

Veracode•added 2020/06/04 3:19 a.m.•13 views

CSV Injection

october/october is vulnerable to CSV Injection. The vulnerability exists as it does not sanitize the value of $record in ImportExportController.php...

5.1CVSS2.2AI score0.00673EPSS

Exploits2References6Affected Software1

NVD•added 2020/06/03 10:15 p.m.•8 views

CVE-2020-5299

5.1CVSS4.7AI score0.00673EPSS

Exploits2References5

Prion•added 2020/06/03 10:15 p.m.•9 views

Design/Logic Flaw

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...

3.5CVSS4.8AI score0.00759EPSS

Exploits3References4Affected Software1

Cvelist•added 2020/06/03 10:0 p.m.•13 views

CVE-2020-5299 Potential CSV Injection vector in OctoberCMS

4CVSS5.2AI score0.00673EPSS

Exploits2References5

Github Security Blog•added 2020/06/03 9:58 p.m.•52 views

Potential CSV Injection vector in OctoberCMS

Impact Any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following...

5.1CVSS0.5AI score0.00673EPSS

Exploits2References7Affected Software1