Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45350 | 1 Simple-history | 1 Simple History | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. | |||||
| CVE-2022-45348 | 1 Anmari | 1 Amr Users | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | |||||
| CVE-2022-45078 | 1 Solwininfotech | 1 User Blocker | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5. | |||||
| CVE-2022-44830 | 1 Event Registration Application Project | 1 Event Registration Application | 2024-11-21 | N/A | 7.8 HIGH |
| Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | |||||
| CVE-2022-44738 | 1 Patrickrobrecht | 1 Posts And Users Stats | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | |||||
| CVE-2022-42882 | 1 Shambix | 1 Simple Csv\/xls Exporter | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | |||||
| CVE-2022-41675 | 1 Raidenmaild | 1 Raidenmaild | 2024-11-21 | N/A | 8.0 HIGH |
| A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side. | |||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | |||||
| CVE-2022-40472 | 1 Zktec | 1 Zkbio Time | 2024-11-21 | N/A | 8.0 HIGH |
| ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module. | |||||
| CVE-2022-40294 | 1 Phppointofsale | 1 Php Point Of Sale | 2024-11-21 | N/A | 8.8 HIGH |
| The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. | |||||
| CVE-2022-3604 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | N/A | 7.8 HIGH |
| The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | |||||
| CVE-2022-3574 | 1 Wpforms | 1 Wpforms Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | |||||
| CVE-2022-3558 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | N/A | 8.0 HIGH |
| The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. | |||||
| CVE-2022-3463 | 1 Fluentforms | 1 Contact Form | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection | |||||
| CVE-2022-3393 | 1 Bestwebsoft | 1 Post To Csv | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection | |||||
| CVE-2022-3026 | 1 Wp-users-exporter Project | 1 Wp-users-exporter | 2024-11-21 | N/A | 6.5 MEDIUM |
| The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2022-38844 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A | 8.0 HIGH |
| CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system. | |||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | |||||
| CVE-2022-35281 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | |||||
| CVE-2022-2798 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | N/A | 8.0 HIGH |
| The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data | |||||