Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45078 | 1 Solwininfotech | 1 User Blocker | 2024-11-21 | 7.2 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5. | ||||
| CVE-2022-44738 | 1 Patrickrobrecht | 1 Posts And Users Stats | 2024-11-21 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | ||||
| CVE-2022-42882 | 1 Shambix | 1 Simple Csv\/xls Exporter | 2024-11-21 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2024-11-21 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | ||||
| CVE-2022-3604 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | 7.8 High |
| The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | ||||
| CVE-2022-3026 | 1 Wp-users-exporter Project | 1 Wp-users-exporter | 2024-11-21 | 6.5 Medium |
| The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2022-38844 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 8.0 High |
| CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system. | ||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2024-11-21 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | ||||
| CVE-2022-2798 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | 8.0 High |
| The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data | ||||
| CVE-2022-2240 | 1 Emarketdesign | 1 Request A Quote | 2024-11-21 | 8.8 High |
| The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it | ||||
| CVE-2022-2112 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | ||||
| CVE-2022-2027 | 1 Kromit | 1 Titra | 2024-11-21 | 8.0 High |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. | ||||
| CVE-2022-29315 | 1 Invicti | 1 Acunetix | 2024-11-21 | 8.8 High |
| Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | ||||
| CVE-2022-28864 | 1 Nokia | 1 Netact | 2024-11-21 | 8.8 High |
| An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | ||||
| CVE-2022-28481 | 1 Csv-safe Project | 1 Csv-safe | 2024-11-21 | 9.8 Critical |
| CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. | ||||
| CVE-2022-26867 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 5.9 Medium |
| PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. | ||||
| CVE-2022-26249 | 1 Surveyking Project | 1 Surveyking | 2024-11-21 | 9.8 Critical |
| Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | ||||
| CVE-2022-23868 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | 7.8 High |
| RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | ||||
| CVE-2022-22689 | 1 Broadcom | 1 Ca Harvest Software Change Manager | 2024-11-21 | 8.8 High |
| CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | ||||
| CVE-2022-22121 | 1 Xgenecloud | 1 Nocodb | 2024-11-21 | 8 High |
| In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed. | ||||