Total
246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47485 | 1 Hikvision | 1 Hikcentral Master | 2025-03-13 | N/A | 9.8 CRITICAL |
| There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | |||||
| CVE-2025-1836 | 2025-03-02 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2025-02-20 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |||||
| CVE-2022-38061 | 1 Apasionados | 1 Export Post Info | 2025-02-20 | N/A | 6.2 MEDIUM |
| Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | |||||
| CVE-2023-25983 | 1 Logon | 1 Kb Support | 2025-02-11 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | |||||
| CVE-2023-46400 | 1 Kwhotel | 1 Kwhotel | 2025-02-07 | N/A | 9.8 CRITICAL |
| KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. | |||||
| CVE-2019-16120 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | 6.5 MEDIUM | 8.8 HIGH |
| CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | |||||
| CVE-2023-46401 | 1 Kwhotel | 1 Kwhotel | 2025-02-04 | N/A | 9.8 CRITICAL |
| KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. | |||||
| CVE-2023-25348 | 1 Churchcrm | 1 Churchcrm | 2025-02-04 | N/A | 7.8 HIGH |
| ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | |||||
| CVE-2023-29918 | 1 Rosariosis | 1 Rosariosis | 2025-01-30 | N/A | 5.4 MEDIUM |
| RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | |||||
| CVE-2024-3214 | 1 Relevanssi | 1 Relevanssi | 2025-01-28 | N/A | 5.8 MEDIUM |
| The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2024-22063 | 1 Zte | 1 Zenic One R58 | 2025-01-28 | N/A | 7.6 HIGH |
| The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices. | |||||
| CVE-2023-33410 | 1 Minical | 1 Minical | 2025-01-08 | N/A | 8.8 HIGH |
| Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | |||||
| CVE-2024-53555 | 2024-11-26 | N/A | 8.8 HIGH | ||
| A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. | |||||
| CVE-2024-27785 | 1 Fortinet | 1 Fortiaiops | 2024-11-21 | N/A | 5.4 MEDIUM |
| An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. | |||||
| CVE-2023-5527 | 1 Businessdirectoryplugin | 1 Business Directory | 2024-11-21 | N/A | 7.4 HIGH |
| The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2023-5424 | 1 Westguardsolutions | 1 Ws Form | 2024-11-21 | N/A | 4.7 MEDIUM |
| The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2023-51763 | 1 Activeadmin | 1 Active Admin | 2024-11-21 | N/A | 9.8 CRITICAL |
| csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | |||||
| CVE-2023-50448 | 1 Activeadmin | 1 Activeadmin | 2024-11-21 | N/A | 6.5 MEDIUM |
| In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | |||||
| CVE-2023-4006 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | |||||