Total
222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38843 | 1 Atlos | 1 Atlos | 2024-11-21 | N/A | 8.0 HIGH |
| An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. | |||||
| CVE-2023-37219 | 1 Tadirantele | 1 Aeonix | 2024-11-21 | N/A | 7.3 HIGH |
| Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | |||||
| CVE-2023-35899 | 2024-11-21 | N/A | 7.0 HIGH | ||
| IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354. | |||||
| CVE-2023-31867 | 1 Sage | 1 X3 | 2024-11-21 | N/A | 7.2 HIGH |
| Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | |||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 5.3 MEDIUM |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | |||||
| CVE-2023-31295 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 7.5 HIGH |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | |||||
| CVE-2023-31294 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 7.5 HIGH |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | |||||
| CVE-2023-2629 | 1 Pimcore | 1 Customer Management Framework | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | |||||
| CVE-2023-2258 | 1 Alf | 1 Alf | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | |||||
| CVE-2023-29109 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. | |||||
| CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2024-11-21 | N/A | 7.0 HIGH |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | |||||
| CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | N/A | 4.0 MEDIUM |
| A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | |||||
| CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 7.0 HIGH |
| IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | |||||
| CVE-2022-4034 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | N/A | 5.8 MEDIUM |
| The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |||||
| CVE-2022-46408 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 6.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | |||||
| CVE-2022-41675 | 1 Raidenmaild | 1 Raidenmaild | 2024-11-21 | N/A | 8.0 HIGH |
| A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side. | |||||
| CVE-2022-3604 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | N/A | 7.8 HIGH |
| The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | |||||
| CVE-2022-3026 | 1 Wp-users-exporter Project | 1 Wp-users-exporter | 2024-11-21 | N/A | 6.5 MEDIUM |
| The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2022-38844 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A | 8.0 HIGH |
| CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system. | |||||