CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

283 vulnerabilities with CWE-1236
CVE-2020-13247 HIGH
BooleBox Secure File Sharing Utility <4.2.3.0 - Code Injection
CVSS 7.3
CVE-2020-13146 HIGH
Open edX Ironwood 2.5 - Code Injection
CVSS 8.8
CVE-2020-11548 CRITICAL
Search Meter < 2.13.2 - Remote Code Execution
CVSS 9.8
CVE-2020-7947 CRITICAL
WordPress Login by Auth0 <4.0.0 - CSV Injection
CVSS 9.8
CVE-2020-9347 CRITICAL
Zoho ManageEngine Password Manager Pro <10.x - Code Injection
CVSS 9.8
CVE-2020-10460 MEDIUM
Chadha PHPKB Standard Multi-Language 9 - Code Injection
CVSS 4.9
CVE-2020-9372 HIGH
Codepeople Appointment Booking Calendar - Remote Code Execution
CVSS 7.8
CVE-2020-9466 MEDIUM
WordPress <1.4.2 - Code Injection
CVSS 6.1
CVE-2020-9017 HIGH
LiteCart <2.2.1 - Code Injection
CVSS 8.0
CVE-2019-16959 MEDIUM
SolarWinds Web Help Desk 12.7.0 - Code Injection
CVSS 6.5
CVE-2019-20002 HIGH
SolarWinds WebHelpDesk 12.7.1 - Code Injection
CVSS 7.8
CVE-2019-19676 CRITICAL
arxes-tolina 3.0.0 - RCE
CVSS 9.6
CVE-2019-20184 HIGH
KeePass 2.4.1 - Code Injection
CVSS 7.8
CVE-2019-20180 MEDIUM
TablePress 1.9.2 - Code Injection
CVSS 6.8
CVE-2019-13181 MEDIUM
SolarWinds Serv-U FTP Server <15.1.7 - SQL Injection
CVSS 6.5
CVE-2019-0403 CRITICAL
SAP Enable Now < 1911 - Command Injection
CVSS 9.8
CVE-2019-4521 CRITICAL
IBM Cloud Pak System <2.3 - Command Injection
CVSS 9.8
CVE-2019-6187 MEDIUM
Lenovo XClarity Controller - CSV Injection
CVSS 6.5
CVE-2019-17661 HIGH
codepress-admin-columns 3.4.6 - RCE
CVSS 8.8
CVE-2019-11275 MEDIUM
Pivotal Application Manager <670.0.7 - Command Injection
CVSS 4.3
CVE-2019-16184 CRITICAL
Limesurvey <3.17.14 - Command Injection
CVSS 9.8
CVE-2019-16120 HIGH
WordPress Event Tickets <4.10.7.2 - Code Injection
CVSS 8.8
CVE-2019-6182 MEDIUM
Lenovo XClarity Administrator <2.5.0 - CSV Injection
CVSS 4.9
CVE-2019-15092 HIGH
Webtoffee WordPress Users & WooCommerce Customers Import Export <1....
CVSS 7.3
CVE-2019-14749 HIGH
osTicket <1.10.7, <1.12.1 - Code Injection
CVSS 8.8