Vulnerabilities (CVE)

Filtered by CWE-1236
Total 201 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3493 1 Fossbilling 1 Fossbilling 2024-11-21 N/A 8.0 HIGH
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-3302 1 Admidio 1 Admidio 2024-11-21 N/A 7.8 HIGH
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
CVE-2023-38843 1 Atlos 1 Atlos 2024-11-21 N/A 8.0 HIGH
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function.
CVE-2023-37219 1 Tadirantele 1 Aeonix 2024-11-21 N/A 7.3 HIGH
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2023-35899 2024-11-21 N/A 7.0 HIGH
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.
CVE-2023-33410 1 Minical 1 Minical 2024-11-21 N/A 8.8 HIGH
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.
CVE-2023-31867 1 Sage 1 X3 2024-11-21 N/A 7.2 HIGH
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.
CVE-2023-31296 1 Sesami 1 Cash Point \& Transport Optimizer 2024-11-21 N/A 5.3 MEDIUM
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.
CVE-2023-31295 1 Sesami 1 Cash Point \& Transport Optimizer 2024-11-21 N/A 7.5 HIGH
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.
CVE-2023-31294 1 Sesami 1 Cash Point \& Transport Optimizer 2024-11-21 N/A 7.5 HIGH
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.
CVE-2023-2629 1 Pimcore 1 Customer Management Framework 2024-11-21 N/A 7.8 HIGH
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
CVE-2023-2258 1 Alf 1 Alf 2024-11-21 N/A 8.8 HIGH
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
CVE-2023-29918 1 Rosariosis 1 Rosariosis 2024-11-21 N/A 5.4 MEDIUM
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
CVE-2023-29109 1 Sap 4 Abap Platform, Application Interface Framework, Basis and 1 more 2024-11-21 N/A 4.4 MEDIUM
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.
CVE-2023-28958 1 Ibm 1 Watson Knowledge Catalog On Cloud Pak For Data 2024-11-21 N/A 7.0 HIGH
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.
CVE-2023-25983 1 Liquidweb 1 Kb Support 2024-11-21 N/A 8.8 HIGH
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84.
CVE-2023-25611 1 Fortinet 1 Fortianalyzer 2024-11-21 N/A 4.0 MEDIUM
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
CVE-2023-25348 1 Churchcrm 1 Churchcrm 2024-11-21 N/A 7.8 HIGH
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.
CVE-2023-22877 1 Ibm 1 Infosphere Information Server 2024-11-21 N/A 7.0 HIGH
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
CVE-2022-4034 1 Dwbooster 1 Appointment Hour Booking 2024-11-21 N/A 5.8 MEDIUM
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.