Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/26 2:12 a.m.9 views

CVE-2023-54348

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 12:31 p.m.7 views

EUVD-2023-60572

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exporte...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References5
NVD
NVD
added 2026/05/05 12:16 p.m.9 views

CVE-2023-54348

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

8.8CVSS0.00352EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.4 views

CVE-2023-54348 ERPGo SaaS 3.9 CSV Injection via Vendor Creation

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37003

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exporte...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/10/30 8:8 p.m.38 views

Wisc. GOP's $2.3M MAGA Hat Debacle Showcases Fraud Concerns

The Wisconsin Republican party’s war chest is lighter by $2.3 million after scammers posing as MAGA-hat vendors were able to spoof invoices in what appears to be a basic business email compromise BEC attack. It’s just the latest in a litany of attacks related to the upcoming election, and it...

0.2AI score
Exploits0References13
Qualys Blog
Qualys Blog
added 2019/02/14 5:0 p.m.110 views

Know What’s on Your Network at All Times with Qualys Asset Inventory

Qualys has just launched a global IT asset inventory solution that offers full visibility across even the most hybrid, complex and distributed IT environments, addressing a challenge many security and IT teams face today. When IT directors and CISOs look at their digitally transformed networks,...

6.9AI score
Exploits0
Rows per page
Query Builder