Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

283 vulnerabilities with CWE-1236

CVE-2021-38180 CRITICAL

SAP Business One 10.0 - Code Injection

CVE-2021-24016 LOW

Fortinet FortiManager <6.4.3 - Command Injection

CVE-2021-41824 HIGH

Craft CMS <3.7.14 - Code Injection

CVE-2021-25962 HIGH

Shuup 0.4.2-2.10.8 - Code Injection

CVE-2021-25960 HIGH

SuiteCRM <7.11.19 & 7.10.31 - Code Injection

CVE-2021-27020 HIGH

Puppet Enterprise - Info Disclosure

CVE-2021-37702 HIGH

Pimcore <10.1.1 - Code Injection

CVE-2021-33256 HIGH

ManageEngine ADSelfService Plus <6.1.6101 - CSV Injection

CVE-2021-22771 HIGH

Easergy T300 <V2.7.1 - Command Injection

CVE-2021-24441 HIGH

Sign-up Sheets WP <1.0.14 - Code Injection

CVE-2021-22153 HIGH

Blackberry Unified Endpoint Management - Remote Code Execution

CVE-2021-29667 HIGH

IBM Spectrum Scale <5.0.5.6, <5.1.0.2 - Code Injection

CVE-2021-1475 MEDIUM

Cisco Umbrella - Command Injection

CVE-2021-1474 MEDIUM

Cisco Umbrella - Command Injection

CVE-2021-24144 HIGH

Contact Form 7 Database Addon <1.2.5.6 - Code Injection

CVE-2021-27839 MEDIUM

Online Invoicing System <4.3 - CSV Injection

CVE-2021-21302 MEDIUM

PrestaShop <1.7.2 - Code Injection

CVE-2021-3188 CRITICAL

phpList 3.6.0 - Code Injection

CVE-2020-36962 CRITICAL

Tendenci 12.3.1 - Code Injection

CVE-2020-36941 CRITICAL

Knockpy 4.1.1 - Code Injection

CVE-2020-10131 CRITICAL

SearchBlox <9.2.1 - Code Injection

CVE-2020-36531 MEDIUM

IBM Sevone Network Performance Management - Privilege Escalation

CVE-2020-36503 HIGH

Connections Business Directory WP <9.7 - Code Injection

CVE-2020-25445 HIGH

Ultimate Booking System Booking Core 1.7.0 - Code Injection

CVE-2020-22390 HIGH

Akaunting <= 2.0.9 - Code Injection

Previous Page 8 of 12 Next

Details

Vulnerabilities 283

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy