6 matches found

Github Security Blog
added 2026/06/08 11:4 p.m. | 10 views

Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing the formula trigger characters =, +, -, @. When an administrator export...

CVSS 6.9 | AI score 5.5 | EPSS 0.00036
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/04/06 12:0 a.m. | 4 views

GLPI SQL injection vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 8.8 | AI score 5.8 | EPSS 0.00388
Exploits: 0 | References: 1
Patchstack
added 2026/02/02 9:19 p.m. | 6 views

WordPress Relevanssi plugin <= 4.22.0 - Missing Authorization to Unauthenticated Query Log Export vulnerability

Missing Authorization to Unauthenticated Query Log Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Relevanssi versions <= 4.22.0...

CVSS 5.3 | AI score 5.4 | EPSS 0.50192
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/05/22 7:23 p.m. | 5 views

CVE-2021-24696

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to (1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), (2) delete logs (fixed in 3.9.9), (3) remove thumbnail image from...

CVSS 8.8 | AI score 6.6 | EPSS 0.0063
Exploits: 2 | References: 1
Vulnrichment
added 2025/04/29 8:8 p.m. | 9 views

CVE-2025-4078 Wangshen SecGate 3600 g=log_export_file path traversal

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has bee...

CVSS 5.3 | AI score 4.8 | EPSS 0.00928
Exploits: 0 | References: 4
Vulnrichment
added 2023/09/04 11:26 a.m. | 5 views

CVE-2023-4269 User Activity Log < 1.6.6 - Subscriber+ Log Export

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated user, such as a subscriber, to perform such an action and retrieve PII such as email addresses...

AI score 4.6 | EPSS 0.00427
Exploits: 2 | References: 1