luyadev/yii-helpers is vulnerable to CSV injection. The vulnerability is possible because the library does not properly neutralize the Firstname
and the Lastname
, which allows an attacker to inject malicious inputs causing several harmful outcomes such as, client-sided command injection, code execution or sensitive information exposure.