CWE-1236

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer’s profile.