Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236

CVE-2021-43515 HIGH

Kimai < 1.14.1 - CSV Injection via Timesheet Description Field

CVE-2021-39022 HIGH

IBM Guardium Data Encryption <5.0.0.0 - Code Injection

CVE-2021-46363 HIGH

Magnolia CMS < 6.2.4 - Formula Injection via CSV/XLS Export

CVE-2021-23654 MEDIUM

html-to-csv - CSV Injection via Unvalidated Formula Embedding

CVE-2021-41270 MEDIUM

Symfony <4.4.35 and <5.3.12 - Code Injection

CVE-2021-36334 MEDIUM

Dell EMC CloudLink <7.1 - Code Injection

CVE-2021-38424 MEDIUM

Delta Electronics DIALink <1.2.4.0 - Code Injection

CVE-2021-40848 HIGH

Mahara < 20.04.5, 20.10.3, 21.04.2, 21.10.0 - CSV Injection via Exported CSV Files

CVE-2021-37131 MEDIUM

Huawei ManageOne - CSV Injection via Insufficient Input Validation

CVE-2021-38180 CRITICAL

SAP Business One 10.0 - Code Injection

CVE-2021-24016 LOW

Fortinet FortiManager <6.4.3 - Command Injection

CVE-2021-41824 HIGH

Craft CMS 3.4.0-3.7.13 - CSV Injection

CVE-2021-25962 HIGH

Shuup 0.4.2-2.10.8 - Code Injection

CVE-2021-25960 HIGH

SuiteCRM <7.11.19 & 7.10.31 - Code Injection

CVE-2021-27020 HIGH

Puppet Enterprise - Info Disclosure

CVE-2021-37702 HIGH

pimcore < 10.1.1 - Formula Injection via Data Object CSV Import

CVE-2021-33256 HIGH

ManageEngine ADSelfService Plus <6.1.6101 - CSV Injection

CVE-2021-22771 HIGH

Easergy T300 <V2.7.1 - Command Injection

CVE-2021-24441 HIGH

Sign-up Sheets WP <1.0.14 - Code Injection

CVE-2021-22153 HIGH

BlackBerry UEM <=12.13.1 QF2/12.12.1a QF6 - RCE via CSV Injection

CVE-2021-29667 HIGH

IBM Spectrum Scale <5.0.5.6, <5.1.0.2 - Code Injection

CVE-2021-1475 MEDIUM

Cisco Umbrella - Formula and Link Injection in Admin Audit Log Export and Scheduled Reports

CVE-2021-1474 MEDIUM

Cisco Umbrella - Authenticated Formula and Link Injection in Admin Audit Log Export and Scheduled Reports

CVE-2021-24144 HIGH

Contact Form 7 Database Addon <1.2.5.6 - Code Injection

CVE-2021-27839 MEDIUM

Online Invoicing System <4.3 - CSV Injection

Previous Page 8 of 12 Next

Details

Vulnerabilities 292

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy