21 matches found
CVE-2023-54348
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...
CVE-2025-67851
A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...
EUVD-2020-30859
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...
CVE-2020-36941
Knockpy 4.1.1 is vulnerable to a CSV injection due to unfiltered server headers, enabling malicious spreadsheet formulas to be injected into CSV reports and potentially execute when opened in spreadsheet apps. The issue is confirmed with CVSS v3.1/4.0 data indicating a high impact (base score 9.8...
CVE-2020-36941
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...
CVE-2020-36941 Knockpy 4.1.1 - CSV Injection
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...
PT-2026-4923
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...
CVE-2018-25135
CVE-2018-25135 affects Anviz AIM CrossChex Standard 4.3.6.0. The CSV injection vulnerability arises from user import fields (e.g., Name, Gender, Position) that can contain malicious formulas, triggering Excel macro execution when importing user data. Reported impact includes command execution in ...
CVE-2023-53905
CVE-2023-53905 affects ProjectSend r1605 and describes a CSV injection vulnerability where authenticated users can inject malicious formulas into user profile names. The vulnerability can trigger code execution when administrators export action logs to CSV files, with an example payload such as =...
EUVD-2016-1165
Malware in sbrugna...
EUVD-2023-52746
Malicious code in bioql PyPI...
Exploit for Code Injection in Dgorissen Pycel
CVE-2024-53924 - Description: Pycel through 1.0b30, when oper...
CSV Injection
org.apache.ranger, security-admin-web is vulnerable to CSV Injection. The vulnerability is due to improper neutralization of formula elements due to insufficient sanitization of exported CSV data, allowing malicious formulas to execute when opened in a spreadsheet application...
CVE-2023-48709 iTop vulnerable to potential formula injection in Excel/CSV export file
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This...
iTop Security Vulnerability
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.9, 3.0.4, 3.1.1, and 3.2.0, which stems from the fact that when data is exported from the backend or portal in the form of a CSV or Excel file, the user's input may...
Improper Input Validation
Overview: html-to-csv is a utility that extracts tables from HTML documents and converts them to CSV format. Affected versions of this package are vulnerable to Improper Input Validation. When there is a formula embedded in an HTML page, it gets accepted without any validation and the same would be...
Elasticsearch Logstash Security Bypass Vulnerability
Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security vulnerability exists in Elasticsearch Logstash versions prior to 2.1.2. An attacker can exploit...
CVE-2016-1000222
In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data...