Total
216 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13826 | 1 I-doit | 1 I-doit | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | |||||
CVE-2021-24441 | 1 Fetchdesigns | 1 Sign-up Sheets | 2021-07-15 | 6.0 MEDIUM | 8.0 HIGH |
The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. | |||||
CVE-2021-22153 | 1 Blackberry | 1 Unified Endpoint Management | 2021-05-21 | 6.0 MEDIUM | 7.3 HIGH |
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user. | |||||
CVE-2021-29667 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2021-05-05 | 6.8 MEDIUM | 7.8 HIGH |
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403. | |||||
CVE-2021-27839 | 1 Bigprof | 1 Online Invoicing System | 2021-03-10 | 5.8 MEDIUM | 4.4 MEDIUM |
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. | |||||
CVE-2021-21302 | 1 Prestashop | 1 Prestashop | 2021-03-04 | 6.5 MEDIUM | 7.2 HIGH |
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2 | |||||
CVE-2020-9205 | 1 Huawei | 1 Manageone | 2021-02-10 | 4.0 MEDIUM | 4.9 MEDIUM |
There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
CVE-2021-3188 | 1 Phplist | 1 Phplist | 2021-02-03 | 10.0 HIGH | 9.8 CRITICAL |
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | |||||
CVE-2020-9200 | 1 Huawei | 1 Imanager Neteco 6000 | 2020-12-28 | 7.2 HIGH | 7.8 HIGH |
There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
CVE-2020-28861 | 1 Openasset | 1 Digital Asset Management | 2020-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application. | |||||
CVE-2020-28845 | 1 Netskope | 1 Netskope | 2020-12-02 | 9.3 HIGH | 7.8 HIGH |
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system. | |||||
CVE-2020-15301 | 1 Salesagility | 1 Suitecrm | 2020-12-02 | 6.8 MEDIUM | 7.8 HIGH |
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. | |||||
CVE-2020-26507 | 1 Marmind | 1 Marmind | 2020-11-19 | 9.3 HIGH | 7.8 HIGH |
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using software such as Microsoft Excel. The attacker could gain remote access to the user’s PC. | |||||
CVE-2020-25170 | 1 Bbraun | 1 Onlinesuite Application Package | 2020-11-13 | 6.8 MEDIUM | 7.8 HIGH |
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. | |||||
CVE-2020-25398 | 1 Mind | 1 Imind Server | 2020-11-12 | 6.8 MEDIUM | 8.8 HIGH |
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | |||||
CVE-2020-22274 | 1 Jomsocial | 1 Jomsocial | 2020-11-12 | 7.5 HIGH | 9.8 CRITICAL |
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer's profile. | |||||
CVE-2020-4759 | 1 Ibm | 1 Filenet Content Manager | 2020-11-12 | 9.3 HIGH | 7.8 HIGH |
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736. | |||||
CVE-2020-22276 | 1 Weformspro | 1 Weforms | 2020-11-12 | 7.5 HIGH | 9.8 CRITICAL |
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry. | |||||
CVE-2020-24707 | 1 Getgophish | 1 Gophish | 2020-10-30 | 9.3 HIGH | 7.8 HIGH |
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | |||||
CVE-2019-11275 | 2 Pivotal, Pivotal Software | 2 Apps Manager, Pivotal Application Service | 2020-10-16 | 4.0 MEDIUM | 4.3 MEDIUM |
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name that a CSV program can interpret as a formula and execute. The malicious user can possibly gain access to a usage report that requires a higher privilege. |