Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-18 | CVE-2023-5527 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Businessdirectoryplugin Business Directory The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. | 8.0 |
| 2024-06-07 | CVE-2023-5424 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Westguardsolutions WS Form The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. | 8.8 |
| 2024-04-04 | CVE-2024-25007 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. | 7.1 |
| 2024-03-12 | CVE-2023-47534 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | 8.8 |
| 2024-02-06 | CVE-2023-47022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in NCR Terminal Handler 1.5.1 Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | 6.5 |
| 2024-01-16 | CVE-2022-3604 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | 7.8 |
| 2023-12-29 | CVE-2023-31295 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | 7.5 |
| 2023-12-29 | CVE-2023-31296 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 5.3 |
| 2023-12-29 | CVE-2023-31294 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | 7.5 |
| 2023-12-28 | CVE-2023-50448 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Activeadmin In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | 6.5 |