Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236

CVE-2022-45370 MEDIUM

WebToffee WordPress Comments Import & Export <2.3.1 - Info Disclosure

CVE-2022-45360 MEDIUM

Commenter Emails <2.6.1 - Info Disclosure

CVE-2022-45348 MEDIUM

anmari amr <4.59.4 - Info Disclosure

CVE-2022-45078 MEDIUM

Solwin Infotech User Blocker <1.5.5 - Info Disclosure

CVE-2022-46802 MEDIUM

WebToffee Product Reviews Import Export <1.4.8 - Info Disclosure

CVE-2022-45357 MEDIUM

Lenderd 1003 Mortgage Application - Info Disclosure

CVE-2022-47442 MEDIUM

UsersWP <= 1.2.3.9 - CSV Injection

CVE-2022-45350 MEDIUM

Simple History <3.3.1 - CSV Injection

CVE-2022-28864 HIGH

Nokia NetAct 22 - CSV Injection via Administration of Measurements TemplateName Parameter

CVE-2022-46408 MEDIUM

Ericsson Network Manager <22.1 - RCE

CVE-2022-35281 MEDIUM

IBM Maximo Asset Management 7.6.1.1-7.6.1.3 and Maximo Manage 8.3-8.4 - CSV Injection

CVE-2022-37786 MEDIUM

WeCube Platform <3.2.2 - Code Injection

CVE-2022-37905 MEDIUM

ArubaOS 7xxx Controllers - Boot Sequence Remote Code Execution

CVE-2022-4034 MEDIUM

Appointment Hour Booking Plugin <1.3.72 - Code Injection

CVE-2022-41675 HIGH

raidenmaild < 4.7.4 - Authenticated CSV Injection via Form Content Export

CVE-2022-44830 HIGH

Sourcecodester Event Registration App v1.0 - Code Injection

CVE-2022-41791 MEDIUM

ProfileGrid <5.1.6 - Code Injection

CVE-2022-3574 CRITICAL

WPForms Pro <1.7.7 - Code Injection

CVE-2022-27858 HIGH

WordPress Activity Log <2.8.3 - Code Injection

CVE-2022-3558 HIGH

WordPress Plugin <1.20.5 - Info Disclosure

CVE-2022-3463 CRITICAL

WordPress Contact Form Plugin <4.3.13 - Code Injection

CVE-2022-22425 CRITICAL

IBM InfoSphere Information Server 11.7 - Code Injection

CVE-2022-40294 HIGH

php_point_of_sale - CSV Injection in Data Export Functionality

CVE-2022-3393 CRITICAL

Post to CSV by BestWebSoft <1.4.0 - Code Injection

CVE-2022-40472 HIGH

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 - Code Injection

Previous Page 6 of 12 Next

Details

Vulnerabilities 292

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy