Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1236

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

283 vulnerabilities with CWE-1236

CVE-2020-9205 MEDIUM

ManageOne 8.0.1 - Command Injection

CVE-2020-9200 HIGH

iManager NetEco 6000 V600R021C00 - Code Injection

CVE-2020-28861 MEDIUM

OpenAsset DAM <12.0.19 - Info Disclosure

CVE-2020-4633 HIGH

IBM Resilient SOAR V38.0 - Code Injection

CVE-2020-4627 CRITICAL

IBM Cloud Pak for Security <1.3.0.1 - Command Injection

CVE-2020-28845 HIGH

Netskope 75.0 - Code Injection

CVE-2020-15301 HIGH

SuiteCRM <7.11.13 - Code Injection

CVE-2020-4759 HIGH

IBM FileNet Content Manager <5.5.5 - Command Injection

CVE-2020-25170 HIGH

B. Braun OnlineSuite <AP 3.0 - Code Injection

CVE-2020-26507 HIGH

Marmind 4.1.141.0 - Code Injection

CVE-2020-25398 HIGH

InterMind iMind Server <3.13.65 - Code Injection

CVE-2020-22274 CRITICAL

JomSocial <4.7.6 - Code Injection

CVE-2020-22278 HIGH

phpMyAdmin <5.0.2 - Code Injection

CVE-2020-22277 HIGH

WordPress Plugin <1.15.5.11 - Code Injection

CVE-2020-22276 CRITICAL

WeForms Wordpress Plugin 1.4.7 - Code Injection

CVE-2020-22275 HIGH

Easy Registration Forms WP Plugin 2.0.6 - Code Injection

CVE-2020-24707 HIGH

Gophish <0.11.0 - Info Disclosure

CVE-2020-15255 HIGH

Anuko Time Tracker <1.19.23.5325 - Info Disclosure

CVE-2020-4689 MEDIUM

IBM Security Guardium 11.2 - Command Injection

CVE-2020-4302 HIGH

IBM Cognos Analytics <11.1 - RCE

CVE-2020-14026 HIGH

Ozeki NG SMS Gateway <4.17.6 - Code Injection

CVE-2020-16214 MEDIUM

PICiX B.02-C.03 - Code Injection

CVE-2020-13826 HIGH

i-doit 1.14.2 - Command Injection

CVE-2020-10780 MEDIUM

Red Hat CloudForms 4.7-5 - CSV Injection

CVE-2020-7049 HIGH

Nozomi Networks OS <19.0.4 - CSV Injection

Previous Page 9 of 12 Next

Details

Vulnerabilities 283

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy