CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

292 vulnerabilities with CWE-1236
CVE-2021-21302 MEDIUM
PrestaShop 1.5.0.0-1.7.7.2 - CSV Injection via Admin Panel Shop Search Keywords
CVSS 6.8
CVE-2021-3188 CRITICAL
phplist 3.6.0 - CSV Injection via Email Parameter
CVSS 9.8
CVE-2020-36962 CRITICAL
Tendenci 12.3.1 - CSV Formula Injection via Contact Form Message Field
CVSS 9.8
CVE-2020-36941 CRITICAL
Knockpy 4.1.1 - CSV Injection via Server Header Manipulation
CVSS 9.8
CVE-2020-10131 CRITICAL
SearchBlox < 9.2.1 - CSV Macro Injection via Featured Results Parameter
CVSS 9.8
CVE-2020-36531 MEDIUM
SevOne Network Performance Management 5.7.2.0-5.7.2.22 - Privilege Escalation via Device Manager Page Injection
CVSS 6.3
CVE-2020-36503 HIGH
Connections Business Directory WP <9.7 - Code Injection
CVSS 8.0
CVE-2020-25445 HIGH
Ultimate Booking System Booking Core 1.7.0 - Code Injection
CVSS 7.8
CVE-2020-22390 HIGH
Akaunting <= 2.0.9 - Code Injection
CVSS 8.8
CVE-2020-9205 MEDIUM
ManageOne 8.0.1 - Command Injection
CVSS 4.9
CVE-2020-9200 HIGH
iManager NetEco 6000 V600R021C00 - Code Injection
CVSS 7.8
CVE-2020-28861 MEDIUM
OpenAsset DAM <12.0.19 - Info Disclosure
CVSS 5.3
CVE-2020-4633 HIGH
IBM Resilient SOAR V38.0 - Code Injection
CVSS 8.8
CVE-2020-4627 CRITICAL
IBM Cloud Pak for Security <1.3.0.1 - Command Injection
CVSS 9.0
CVE-2020-28845 HIGH
Netskope 75.0 - Unauthenticated CSV Injection in Admin Portal
CVSS 7.8
CVE-2020-15301 HIGH
SuiteCRM < 7.11.13 - CSV Injection via Registration Fields in Import Template
CVSS 7.8
CVE-2020-4759 HIGH
IBM FileNet Content Manager <5.5.5 - Command Injection
CVSS 7.8
CVE-2020-25170 HIGH
B. Braun OnlineSuite <AP 3.0 - Code Injection
CVSS 7.8
CVE-2020-26507 HIGH
Marmind 4.1.141.0 - CSV Injection via Notes Field in To-Do Insertion
CVSS 7.8
CVE-2020-25398 HIGH
InterMind iMind Server <3.13.65 - Code Injection
CVSS 8.8
CVE-2020-22274 CRITICAL
JomSocial 4.7.6 - CSV Injection via Customer Profile
CVSS 9.8
CVE-2020-22278 HIGH
phpMyAdmin < 5.0.2 - CSV Injection via Export Section
CVSS 8.8
CVE-2020-22277 HIGH
WordPress Plugin <1.15.5.11 - Code Injection
CVSS 8.0
CVE-2020-22276 CRITICAL
WeForms WordPress Plugin 1.4.7 - Code Injection
CVSS 9.8
CVE-2020-22275 HIGH
Easy Registration Forms WP Plugin 2.0.6 - Code Injection
CVSS 8.8