Total
231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11652 | 1 Cirt.net | 1 Nikto | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | |||||
| CVE-2018-11526 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | |||||
| CVE-2018-11525 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | |||||
| CVE-2018-10504 | 1 Web-dorado | 1 Form Maker | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | |||||
| CVE-2018-10258 | 1 Codeslab | 1 Shopy Point Of Sale | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2018-10257 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2018-10255 | 1 Clustercoding | 1 Blog Master Pro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2021-38963 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-09-30 | N/A | 8.0 HIGH |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2024-27320 | 1 Refuel | 1 Autolabel | 2024-09-23 | N/A | 7.8 HIGH |
| An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it. | |||||
| CVE-2024-27321 | 1 Refuel | 1 Autolabel | 2024-09-20 | N/A | 7.8 HIGH |
| An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it. | |||||
| CVE-2024-41226 | 1 Automationanywhere | 1 Automation 360 | 2024-09-03 | N/A | 7.8 HIGH |
| A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability. | |||||