Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236

CVE-2020-24707 HIGH

gophish < 0.11.0 - CSV Injection

CVE-2020-15255 HIGH

Anuko Time Tracker <1.19.23.5325 - Info Disclosure

CVE-2020-4689 MEDIUM

IBM Security Guardium 11.2 - Command Injection

CVE-2020-4302 HIGH

IBM Cognos Analytics 11.0-11.1 - Remote Code Execution via CSV Injection

CVE-2020-14026 HIGH

Ozeki NG SMS Gateway <4.17.6 - Code Injection

CVE-2020-16214 MEDIUM

Philips Patient Information Center iX B.02 C.02 C.03 - CSV Injection

CVE-2020-13826 HIGH

i-doit < 1.14.2 - CSV Injection via Title Parameter

CVE-2020-10780 MEDIUM

Red Hat CloudForms 4.7-5 - CSV Injection

CVE-2020-7049 HIGH

Nozomi Networks OS <19.0.4 - CSV Injection

CVE-2020-13247 HIGH

BooleBox Secure File Sharing Utility <4.2.3.0 - Code Injection

CVE-2020-13146 HIGH

Open edX Ironwood 2.5 - Code Injection

CVE-2020-11548 CRITICAL

Search Meter < 2.13.2 - Remote Code Execution via CSV Injection in Search Export

CVE-2020-7947 CRITICAL

WordPress Login by Auth0 <4.0.0 - CSV Injection

CVE-2020-9347 CRITICAL

Zoho ManageEngine Password Manager Pro <10.x - Code Injection

CVE-2020-10460 MEDIUM

Chadha PHPKB Standard Multi-Language 9 - Code Injection

CVE-2020-9372 HIGH

Appointment Booking Calendar < 1.3.35 - CSV Injection via Booking Form Fields

CVE-2020-9466 MEDIUM

Export Users to CSV < 1.4.2 - CSV Injection

CVE-2020-9017 HIGH

LiteCart < 2.2.1 - CSV Injection via Customer Profile

CVE-2019-16959 MEDIUM

SolarWinds Web Help Desk 12.7.0 - Code Injection

CVE-2019-20002 HIGH

SolarWinds WebHelpDesk 12.7.1 - Code Injection

CVE-2019-19676 CRITICAL

arxes-tolina 3.0.0 - CSV Injection via Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung Columns

CVE-2019-20184 HIGH

KeePass 2.4.1 - CSV Injection via Title Field in CSV Export

CVE-2019-20180 MEDIUM

TablePress < 1.9.2 - CSV Injection via tablepress[data]

CVE-2019-13181 MEDIUM

SolarWinds Serv-U FTP Server <15.1.7 - SQL Injection

CVE-2019-0403 CRITICAL

SAP Enable Now < 1911 - CSV Command Injection

Previous Page 10 of 12 Next

Details

Vulnerabilities 292

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy