Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29109 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2023-12-10 | N/A | 4.6 MEDIUM |
| The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. | |||||
| CVE-2023-3493 | 1 Fossbilling | 1 Fossbilling | 2023-12-10 | N/A | 8.0 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | |||||
| CVE-2023-2629 | 1 Pimcore | 1 Customer Management Framework | 2023-12-10 | N/A | 7.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | |||||
| CVE-2023-3302 | 1 Admidio | 1 Admidio | 2023-12-10 | N/A | 7.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | |||||
| CVE-2023-25348 | 1 Churchcrm | 1 Churchcrm | 2023-12-10 | N/A | 7.8 HIGH |
| ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | |||||
| CVE-2023-33410 | 1 Minical | 1 Minical | 2023-12-10 | N/A | 8.8 HIGH |
| Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | |||||
| CVE-2023-31867 | 1 Sage | 1 X3 | 2023-12-10 | N/A | 7.2 HIGH |
| Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | |||||
| CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2023-12-10 | N/A | 8.8 HIGH |
| Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |||||
| CVE-2022-37786 | 1 Wecube-platform Project | 1 Wecube-platform | 2023-12-10 | N/A | 6.3 MEDIUM |
| An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page. | |||||
| CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2023-12-10 | N/A | 7.3 HIGH |
| A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | |||||
| CVE-2022-44830 | 1 Event Registration Application Project | 1 Event Registration Application | 2023-12-10 | N/A | 7.8 HIGH |
| Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | |||||
| CVE-2022-35281 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-12-10 | N/A | 8.8 HIGH |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | |||||
| CVE-2022-41675 | 1 Raidenmaild | 1 Raidenmaild | 2023-12-10 | N/A | 8.0 HIGH |
| A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side. | |||||
| CVE-2022-4034 | 1 Dwbooster | 1 Appointment Hour Booking | 2023-12-10 | N/A | 7.8 HIGH |
| The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2022-40472 | 1 Zktec | 1 Zkbio Time | 2023-12-10 | N/A | 8.0 HIGH |
| ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module. | |||||
| CVE-2022-2240 | 1 Emarketdesign | 1 Request A Quote | 2023-12-10 | N/A | 8.8 HIGH |
| The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it | |||||
| CVE-2022-3558 | 1 Codection | 1 Import And Export Users And Customers | 2023-12-10 | N/A | 8.0 HIGH |
| The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. | |||||
| CVE-2022-2429 | 1 Ultimatesmsnotifications | 1 Ultimate Sms Notifications For Woocommerce | 2023-12-10 | N/A | 8.0 HIGH |
| The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2022-38061 | 1 Apasionados | 1 Export Post Info | 2023-12-10 | N/A | 5.7 MEDIUM |
| Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | |||||
| CVE-2022-22425 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598." | |||||