CWE-1236: CWE-1236

This vulnerability allows CSV formula injection attacks in the titra time tracking software. Attackers can craft malicious CSV files that execute form...

CVE-2022-22121 is a CSV injection vulnerability in NocoDB that allows low-privileged attackers to inject malicious formulas into exported CSV files. W...

This vulnerability in the Connections Business Directory WordPress plugin allows CSV injection through unvalidated/sanitized fields. Attackers can inj...

CVE-2021-25962 is a formula injection vulnerability in the Shuup e-commerce platform that allows customers to inject malicious payloads into billing a...

This is a CSV injection vulnerability in SuiteCRM that allows low-privileged attackers to inject malicious formulas into input fields. When an adminis...

This CSV injection vulnerability in the Sign-up Sheets WordPress plugin allows attackers to embed malicious formulas in exported CSV files. When opene...

Bagisto eCommerce platform versions before 2.3.8 accept product data starting with spreadsheet formula characters (=, +, -, @). When exported to CSV a...

A CSV injection vulnerability in Automation Anywhere Automation 360 allows attackers to execute arbitrary code via crafted payloads in CSV files. This...

The Contact Form Entries WordPress plugin before version 1.3.0 does not properly validate user input when exporting data to CSV files, allowing attack...

This vulnerability allows CSV formula injection in Admidio, enabling attackers to execute arbitrary commands or exfiltrate data when users open malici...

This vulnerability allows CSV formula injection attacks in Pimcore Customer Data Framework. Attackers can embed malicious formulas in CSV files that e...

This CVE describes a CSV injection vulnerability in the yii-helpers library prior to version 1.2.1. Attackers can embed malicious formulas in CSV file...

CVE-2021-43515 is a CSV injection vulnerability in Kimai time tracking software that allows attackers to inject malicious formulas into exported CSV f...

RuoYi v4.7.2 contains a CSV injection vulnerability in the admin module that allows attackers to embed malicious formulas in exported Excel log files....

This vulnerability in Magnolia CMS allows attackers to inject malicious formulas into exported CSV/XLS files through the Export function. When victims...

This CVE describes a CSV injection vulnerability in Mahara e-portfolio software where exported CSV files could contain malicious formulas that spreads...

This CSV formula injection vulnerability in Booking Core 1.7.0 allows attackers to embed malicious Excel formulas in subscription data. When administr...

This CVE describes a CSV injection vulnerability in IBM Spectrum Scale that allows remote attackers to execute arbitrary commands on affected systems....

ZTE ZENIC ONE R58 products contain a command injection vulnerability that allows authenticated attackers to execute arbitrary commands. This enables m...

This CSV formula injection vulnerability in HCL Unica 12.0.0 allows attackers to execute arbitrary formulas when CSV files are opened in spreadsheet a...

A CSV injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 allows remote attackers to extract sensitive informati...

A CSV injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 allows remote attackers to extract sensitive informati...

This CSV injection vulnerability in the Business Directory Plugin for WordPress allows authenticated attackers with author-level permissions or higher...

A CSV formula injection vulnerability in TrueConf Server v5.5.2.10813 allows authenticated users to embed malicious spreadsheet formulas in exported c...

This vulnerability allows attackers to execute arbitrary commands on Schneider Electric Easergy T300 devices by exploiting improper CSV formula elemen...

This CVE allows remote code execution through BlackBerry UEM's Management Console spreadsheet application. An attacker could execute arbitrary command...

This CSV injection vulnerability in the User Blocker WordPress plugin allows authenticated attackers to inject malicious formulas into CSV files. When...

This vulnerability allows CSV injection attacks in the WP Cookie Consent WordPress plugin. Attackers can embed malicious formulas in CSV exports that ...

Sage X3 version 12.14.0.50-0 is vulnerable to CSV injection, which allows attackers to embed malicious formulas in exported CSV files. When users open...

Ericsson Network Manager (ENM) versions before 23.1 have a CSV injection vulnerability in the application log export function. Attackers with administ...

This CVE describes a CSV injection vulnerability in IBM Cloud Pak for Automation that allows remote attackers to execute arbitrary commands on affecte...

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is vulnerable to CSV injection, allowing remote attackers to execute arbitrary commands on the ...

The Simple User Import Export WordPress plugin contains a CSV injection vulnerability that allows authenticated administrators to embed malicious form...

This vulnerability in Movable Type allows CSV injection attacks where malformed data input to the product results in malicious code being embedded in ...

A CSV injection vulnerability in Instant Developer Foundation allows attackers to embed malicious formulas in CSV exports. When users open these files...

CVE-2024-28764 is a CSV injection vulnerability in IBM WebSphere Automation 1.7.0 that allows attackers with network access to execute arbitrary comma...

A formula injection vulnerability in Moodle allows remote attackers to embed malicious formulas in exported data. When users export this data and open...

The AnWP Football Leagues WordPress plugin contains a CSV injection vulnerability that allows authenticated administrators to embed malicious formulas...

A CSV injection vulnerability in HikCentral Master Lite allows attackers to inject executable commands via malicious CSV data. This affects users who ...

PHPJabbers Event Booking Calendar v4.0 has a CSV injection vulnerability that allows attackers to inject malicious formulas into exported CSV files. W...

The WS Form LITE WordPress plugin versions up to 1.9.217 contain a CSV injection vulnerability that allows unauthenticated attackers to embed maliciou...

This CSV injection vulnerability in the AI Chatbot Free Models WordPress plugin allows unauthenticated attackers to embed malicious formulas in export...

This CSV injection vulnerability in the Contest Gallery WordPress plugin allows unauthenticated attackers to embed malicious formulas in exported CSV ...

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows authenticated attackers to embed malicious macros in d...

The Broken Link Notifier WordPress plugin contains a CSV injection vulnerability that allows authenticated attackers with Contributor-level access or ...

This CSV injection vulnerability in Best Practical Request Tracker (RT) allows attackers to inject malicious formulas into exported TSV files. When us...