Total
222 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-51763 | 1 Activeadmin | 1 Active Admin | 2024-08-02 | 9.8 Critical |
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | ||||
CVE-2023-50448 | 1 Activeadmin | 1 Activeadmin | 2024-08-02 | 6.5 Medium |
In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | ||||
CVE-2023-48709 | | | 2024-08-02 | 8 High |
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0. | ||||
CVE-2023-48207 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-08-02 | 8.8 High |
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | ||||
CVE-2023-42004 | 1 Ibm | 1 Security Guardium | 2024-08-02 | 8 High |
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | ||||
CVE-2023-41798 | 1 Wpwax | 1 Directorist | 2024-08-02 | 8.8 High |
Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing. This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | ||||
CVE-2023-35899 | | | 2024-08-02 | 7 High |
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354. | ||||
CVE-2023-33410 | 1 Minical | 1 Minical | 2024-08-02 | 8.8 High |
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | ||||
CVE-2023-31867 | 1 Sage | 1 X3 | 2024-08-02 | 7.2 High |
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | ||||
CVE-2023-31295 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-08-02 | 7.5 High |
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | ||||
CVE-2023-31294 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-08-02 | 7.5 High |
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | ||||
CVE-2023-29918 | 1 Rosariosis | 1 Rosariosis | 2024-08-02 | 5.4 Medium |
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | ||||
CVE-2023-29109 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2024-08-02 | 4.4 Medium |
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. | ||||
CVE-2023-25348 | 1 Churchcrm | 1 Churchcrm | 2024-08-02 | 7.8 High |
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | ||||
CVE-2023-5527 | 1 Businessdirectoryplugin | 1 Business Directory | 2024-08-02 | 7.4 High |
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
CVE-2023-5424 | 1 Westguardsolutions | 1 Ws Form | 2024-08-02 | 4.7 Medium |
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
CVE-2023-2629 | 1 Pimcore | 1 Customer Management Framework | 2024-08-02 | 7.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | ||||
CVE-2023-2258 | 1 Alf | 1 Alf | 2024-08-02 | 8.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | ||||
CVE-2024-28764 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2024-08-02 | 6.5 Medium |
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. | ||||
CVE-2024-28111 | | | 2024-08-02 | 6.5 Medium |
Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue. |