Total: 222 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3604 | 1 Crmperks | 1 Database For Contact Form 7, Wpforms, Elementor Forms | 2024-11-13 | 7.8 High |
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection. | ||||
CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2024-11-12 | 7 High |
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | ||||
CVE-2021-1474 | 1 Cisco | 1 Umbrella | 2024-11-08 | 6.5 Medium |
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2021-1475 | 1 Cisco | 1 Umbrella | 2024-11-08 | 6.5 Medium |
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2023-47022 | 1 Ncr | 1 Terminal Handler | 2024-11-07 | 6.5 Medium |
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | ||||
CVE-2023-3302 | 1 Admidio | 1 Admidio | 2024-11-07 | 7.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | ||||
CVE-2023-3493 | 1 Fossbilling | 1 Fossbilling | 2024-11-04 | 8.0 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | ||||
CVE-2021-24016 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | 3.7 Low |
An improper neutralization of formula elements in a CSV file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows an attacker to execute arbitrary commands via a crafted IPv4 field in policy name, when exported as an Excel file and opened unsafely on the victim host. | ||||
CVE-2022-28864 | 1 Nokia | 1 Netact | 2024-10-24 | 8.8 High |
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | ||||
CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2024-10-22 | 4 Medium |
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | ||||
CVE-2023-37219 | 1 Tadirantele | 1 Aeonix | 2024-10-22 | 7.3 High |
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | ||||
CVE-2024-47485 | 1 Hikvision | 2 Hikcentral Master, Hikcentral Master Lite | 2024-10-22 | 9.8 Critical |
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | ||||
CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2024-10-21 | 6.8 Medium |
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | ||||
CVE-2024-24337 | 1 Koha | 1 Koha | 2024-10-16 | 8.0 High |
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into CSV exports via the 'Budget' and 'Patrons Member' components. | ||||
CVE-2019-17661 | 1 Admincolumns | 1 Admin Columns | 2024-10-15 | 8.8 High |
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | ||||
CVE-2023-4006 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-10-11 | 9.8 Critical |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | ||||
CVE-2023-38843 | 1 Atlos | 1 Atlos | 2024-10-08 | 8.0 High |
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. | ||||
CVE-2021-38963 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | 8 High |
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
CVE-2020-10131 | 1 Searchblox | 1 Searchblox | 2024-09-26 | 9.8 Critical |
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | ||||
CVE-2024-27320 | 1 Refuel | 1 Autolabel | 2024-09-23 | 7.8 High |
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it. |