Total
244 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7947 | 1 Auth0 | 1 Login By Auth0 | 2024-11-21 | 9.8 Critical |
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. | ||||
CVE-2020-7049 | 1 Nozominetworks | 1 Guardian | 2024-11-21 | 7.3 High |
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. | ||||
CVE-2020-4759 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | 7.8 High |
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 188736. | ||||
CVE-2020-4689 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 6.8 Medium |
IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696. | ||||
CVE-2020-4633 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-11-21 | 8.8 High |
IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. | ||||
CVE-2020-4627 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 9.0 Critical |
IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367. | ||||
CVE-2020-4302 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 7.8 High |
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. | ||||
CVE-2020-36503 | 1 Connections-pro | 1 Connections Business Directory | 2024-11-21 | 8.0 High |
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue. | ||||
CVE-2020-28861 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 5.3 Medium |
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application. | ||||
CVE-2020-28845 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.8 High |
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, which leads to compromise of the admin's system. | ||||
CVE-2020-26507 | 1 Marmind | 1 Marmind | 2024-11-21 | 7.8 High |
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example as a CSV file, and execute the malicious commands on their computer by opening the file using software such as Microsoft Excel. The attacker could gain remote access to the user’s PC. | ||||
CVE-2020-25445 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 7.8 High |
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. Input containing an Excel formula is not sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the content of the cells is executed. | ||||
CVE-2020-25398 | 1 Mind | 1 Imind Server | 2024-11-21 | 8.8 High |
CSV Injection exists in InterMind iMind Server through 3.13.65 via the CSV export functionality. | ||||
CVE-2020-25170 | 1 Bbraun | 1 Onlinesuite Application Package | 2024-11-21 | 7.8 High |
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. | ||||
CVE-2020-24707 | 1 Getgophish | 1 Gophish | 2024-11-21 | 7.8 High |
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | ||||
CVE-2020-22390 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 8.8 High |
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened. | ||||
CVE-2020-22278 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 8.8 High |
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents." | ||||
CVE-2020-22277 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | 8.0 High |
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. | ||||
CVE-2020-22276 | 1 Weformspro | 1 Weforms | 2024-11-21 | 9.8 Critical |
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry. | ||||
CVE-2020-22275 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2024-11-21 | 8.8 High |
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable. |