Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236

CVE-2019-4521 CRITICAL

IBM Cloud Pak System <2.3 - Command Injection

CVE-2019-6187 MEDIUM

Lenovo XClarity Controller - CSV Injection

CVE-2019-17661 HIGH

codepress-admin-columns 3.4.6 - RCE

CVE-2019-11275 MEDIUM

Pivotal Application Manager <670.0.7 - Command Injection

CVE-2019-16184 CRITICAL

Limesurvey <3.17.14 - Command Injection

CVE-2019-16120 HIGH

WordPress Event Tickets <4.10.7.2 - Code Injection

CVE-2019-6182 MEDIUM

Lenovo XClarity Administrator <2.5.0 - CSV Injection

CVE-2019-15092 HIGH

Webtoffee WordPress Users & WooCommerce Customers Import Export <1....

CVE-2019-14749 HIGH

osTicket <1.10.7, <1.12.1 - Code Injection

CVE-2019-14352 HIGH

Joget Workflow 6.0.20 - Code Injection

CVE-2019-13144 CRITICAL

myTinyTodo 1.3.3-1.4.3 - CSV Injection

CVE-2019-12961 HIGH

LiveZilla Server <8.0.1.1 - Code Injection

CVE-2019-4364 HIGH

IBM Maximo Asset Mgmt <7.6 - Command Injection

CVE-2019-12765 CRITICAL

Joomla! 3.9.0-3.9.6 - CSV Injection in com_actionlogs Export

CVE-2019-12134 HIGH

Workday < 32.0 - CSV Injection via Export Feature

CVE-2019-11872 HIGH

Hustle < 6.0.8.1 - CSV Injection via Pop-up Window Input

CVE-2019-4071 HIGH

IBM Tivoli Storage Productivity Center <5.2.17 - Command Injection

CVE-2019-11819 HIGH

Alkacon OpenCMS <10.5.4 - Code Injection

CVE-2018-19855 MEDIUM

UiPath Orchestrator <2018.3.4 - Code Injection

CVE-2018-20468 HIGH

Tyto Sahi Pro <8.0.0 - Code Injection

CVE-2018-7201 HIGH

ProjectSend < r1053 - CSV Injection

CVE-2018-12244 MEDIUM

Symantec Endpoint Protection <= 12.1 RU6 MP9 and < 14.2 RU1 - CSV Formula Injection

CVE-2018-20752 CRITICAL

recon-ng < 4.9.5 - CSV Injection via Twitter Username Export

CVE-2018-1774 HIGH

IBM API Connect <5.0.8.4, 2018.1, 2018.3.6 - Code Injection

CVE-2018-15474 CRITICAL

DokuWiki <2018-04-22a - Code Injection

Previous Page 11 of 12 Next

Details

Vulnerabilities 292

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy