Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

283 vulnerabilities with CWE-1236

CVE-2022-46408 MEDIUM

Ericsson Network Manager <22.1 - RCE

CVE-2022-35281 MEDIUM

IBM Maximo <8.4 - Code Injection

CVE-2022-37786 MEDIUM

WeCube Platform <3.2.2 - Code Injection

CVE-2022-37905 MEDIUM

ArubaOS <7xxx - RCE

CVE-2022-4034 MEDIUM

Appointment Hour Booking Plugin <1.3.72 - Code Injection

CVE-2022-41675 HIGH

Raiden MAILD - Code Injection

CVE-2022-44830 HIGH

Sourcecodester Event Registration App v1.0 - Code Injection

CVE-2022-41791 MEDIUM

ProfileGrid <5.1.6 - Code Injection

CVE-2022-3574 CRITICAL

WPForms Pro <1.7.7 - Code Injection

CVE-2022-27858 HIGH

WordPress Activity Log <2.8.3 - Code Injection

CVE-2022-3558 HIGH

WordPress Plugin <1.20.5 - Info Disclosure

CVE-2022-3463 CRITICAL

WordPress Contact Form Plugin <4.3.13 - Code Injection

CVE-2022-22425 CRITICAL

IBM InfoSphere Information Server 11.7 - Code Injection

CVE-2022-40294 HIGH

CSV Injection - Code Injection

CVE-2022-3393 CRITICAL

Post to CSV by BestWebSoft <1.4.0 - Code Injection

CVE-2022-40472 HIGH

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 - Code Injection

CVE-2022-38061 MEDIUM

WordPress Export Post Info <1.2.0 - CSV Injection

CVE-2022-38844 HIGH

EspoCRM 7.1.8 - Command Injection

CVE-2022-2798 HIGH

WordPress Affiliate Mgr <2.9.14 - Code Injection

CVE-2022-1194 HIGH

Mobile Events Manager <1.4.8 - Code Injection

CVE-2022-3026 MEDIUM

WP Users Exporter <1.4.2 - Code Injection

CVE-2022-2429 MEDIUM

Ultimate SMS Notifications for WooCommerce <1.4.1 - Code Injection

CVE-2022-2240 HIGH

Request a Quote WP <2.3.7 - Code Injection

CVE-2022-1539 HIGH

Exports and Reports WP <0.9.2 - Code Injection

CVE-2022-2112 HIGH

inventree/inventree <0.7.2 - Info Disclosure

Previous Page 6 of 12 Next

Details

Vulnerabilities 283

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy