Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236

CVE-2023-37219 HIGH

Tadiran Telecom Composit - SQL Injection

CVE-2023-3527 MEDIUM

Avaya CMS Supervisor - Code Injection

CVE-2023-28958 HIGH

IBM Watson Knowledge Catalog - Code Injection

CVE-2023-3493 HIGH

fossbilling <0.5.3 - Info Disclosure

CVE-2023-3302 HIGH

admidoi/admidio <4.2.9 - Info Disclosure

CVE-2023-31867 HIGH

Sage X3 <12.14.0.50-0 - Code Injection

CVE-2023-0721 HIGH

Metform Elementor Contact Form Builder <3.3.0 - Code Injection

CVE-2023-33410 HIGH

Minical <= 1.0.0 - CSV Injection via Customer Name Field

CVE-2023-2629 HIGH

pimcore/customer-data-framework <3.3.9 - Info Disclosure

CVE-2023-29918 MEDIUM

RosarioSIS 10.8.4 - CSV Injection via Periods Module

CVE-2023-25348 HIGH

ChurchCRM 4.5.3 - CSV Injection via Last Name and First Name Input Fields

CVE-2023-2258 HIGH

GitHub alfio-event/alf.io <2.0-M4-2304 - Info Disclosure

CVE-2023-29109 MEDIUM

SAP Application Interface Framework - Code Injection

CVE-2023-25611 MEDIUM

Fortinet FortiAnalyzer <7.2.1 - Code Injection

CVE-2022-3604 HIGH

Contact Form Entries <1.3.0 - Code Injection

CVE-2022-44738 MEDIUM

Patrick Robrecht Posts and Users Stats <1.1.3 - Info Disclosure

CVE-2022-42882 MEDIUM

Shambix Simple CSV/XLS Exporter <1.5.8 - Info Disclosure

CVE-2022-41616 HIGH

Kaushik Kalathiya Export Users Data CSV - Info Disclosure

CVE-2022-38702 MEDIUM

Nakashima Masahiro WP CSV Exporter <2.0 - Info Disclosure

CVE-2022-46821 MEDIUM

Jackmail & Sarbacane Emails & Newsletters with Jackmail <= 1.2.22 - CSV Injection

CVE-2022-46809 MEDIUM

WPDeveloper ReviewX < 1.6.7 - CSV Injection

CVE-2022-46804 MEDIUM

Narola Infotech Solutions LLP <1.3 - Info Disclosure

CVE-2022-46803 MEDIUM

Noptin Newsletter <1.9.5 - Info Disclosure

CVE-2022-46801 MEDIUM

Paul Ryley Site Reviews <6.2.0 - Info Disclosure

CVE-2022-45810 MEDIUM

Icegram Express <5.5.2 - Info Disclosure

Previous Page 5 of 12 Next

Details

Vulnerabilities 292

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy