CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

283 vulnerabilities with CWE-1236
CVE-2019-14352 (HIGH, CVSS 7.8): Joget Workflow 6.0.20 - Code Injection
CVE-2019-13144 (CRITICAL, CVSS 9.8): myTinyTodo <1.5 - Code Injection
CVE-2019-12961 (HIGH, CVSS 8.8): LiveZilla Server <8.0.1.1 - Code Injection
CVE-2019-4364 (HIGH, CVSS 8.0): IBM Maximo Asset Mgmt <7.6 - Command Injection
CVE-2019-12765 (CRITICAL, CVSS 9.8): Joomla! <3.9.7 - Code Injection
CVE-2019-12134 (HIGH, CVSS 8.8): Workday <32 - CSV Injection
CVE-2019-11872 (HIGH, CVSS 8.8): WordPress 6.0.7 - Code Injection
CVE-2019-4071 (HIGH, CVSS 8.8): IBM Tivoli Storage Productivity Center <5.2.17 - Command Injection
CVE-2019-11819 (HIGH, CVSS 7.8): Alkacon OpenCMS <10.5.4 - Code Injection
CVE-2018-19855 (MEDIUM, CVSS 5.5): UiPath Orchestrator <2018.3.4 - Code Injection
CVE-2018-20468 (HIGH, CVSS 8.8): Tyto Sahi Pro <8.0.0 - Code Injection
CVE-2018-7201 (HIGH, CVSS 8.8): ProjectSend <r1053 - CSV Injection
CVE-2018-12244 (MEDIUM, CVSS 6.3): SEP <14.2 RU1 - Code Injection
CVE-2018-20752 (CRITICAL, CVSS 9.8): Recon-ng < 4.9.5 - Remote Code Execution
CVE-2018-1774 (HIGH, CVSS 8.9): IBM API Connect <5.0.8.4, 2018.1, 2018.3.6 - Code Injection
CVE-2018-15474 (CRITICAL, CVSS 9.6): DokuWiki <2018-04-22a - Code Injection
CVE-2018-16651 (HIGH, CVSS 7.2): phpMyFAQ <2.9.11 - Code Injection
CVE-2018-16308 (HIGH, CVSS 8.6): Ninja Forms <3.3.14.1 - Code Injection
CVE-2018-16275 (HIGH, CVSS 7.8): OPSWAT MetaDefender <4.11.2 - Code Injection
CVE-2018-15571 (HIGH, CVSS 8.6): WordPress <1.1.1 - Code Injection
CVE-2018-11526 (HIGH, CVSS 7.8): WordPress Comments Import & Export <2.0.4 - Code Injection
CVE-2018-11525 (HIGH, CVSS 7.8): WordPress <1.5.4 - Code Injection
CVE-2018-11652 (CRITICAL, CVSS 9.8): Nikto <2.1.6 - Command Injection
CVE-2018-10258 (HIGH, CVSS 8.8): Shopy Point of Sale <1.0 - Code Injection
CVE-2018-10257 (HIGH, CVSS 8.8): HRSALE The Ultimate HRM <1.0.2 - Command Injection