• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1236

CVE-2018-7201

February 26, 2023 by

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.

CVE-2018-20752

February 26, 2023 by

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.

CVE-2018-20468

February 26, 2023 by

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has “export to excel features” that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.

CVE-2018-19855

February 26, 2023 by

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.

CVE-2018-1774

February 26, 2023 by

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.

CVE-2018-16651

February 26, 2023 by

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Interim pages omitted …
  • Go to page 26
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE