Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16308 | 1 Ninjaforms | 1 Ninja Forms | 2023-12-10 | 6.8 MEDIUM | 8.6 HIGH |
| The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | |||||
| CVE-2018-1774 | 1 Ibm | 1 Api Connect | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. | |||||
| CVE-2018-16275 | 1 Opswat | 1 Metadefender | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| OPSWAT MetaDefender before v4.11.2 allows CSV injection. | |||||
| CVE-2018-10258 | 1 Codeslab | 1 Shopy Point Of Sale | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2018-11526 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | |||||
| CVE-2018-10504 | 1 Web-dorado | 1 Form Maker | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | |||||
| CVE-2018-8092 | 1 Mautic | 1 Mautic | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Mautic before 2.13.0 allows CSV injection. | |||||
| CVE-2018-9137 | 1 Open-audit | 1 Open-audit | 2023-12-10 | 3.5 LOW | 6.8 MEDIUM |
| Open-AudIT before 2.2 has CSV Injection. | |||||
| CVE-2018-9035 | 1 Contact-form-7-to-database-extension Project | 1 Contact-form-7-to-database-extension | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. | |||||
| CVE-2018-7304 | 1 Tiki | 1 Tiki | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation. | |||||
| CVE-2018-9106 | 1 Acyba | 1 Acysms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | |||||
| CVE-2018-10257 | 1 Hrsale Project | 1 Hrsale | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2018-11525 | 1 Algolplus | 1 Advanced Order Export | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | |||||
| CVE-2018-9107 | 1 Acyba | 1 Acymailing | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | |||||
| CVE-2018-11652 | 1 Cirt.net | 1 Nikto | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | |||||
| CVE-2018-10255 | 1 Clustercoding | 1 Blog Master Pro | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||