Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-07 | CVE-2018-15474 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Dokuwiki CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. | 9.6 |
| 2018-09-07 | CVE-2018-16651 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyfaq The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. | 7.2 |
| 2018-09-01 | CVE-2018-16308 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | 8.6 |
| 2018-08-31 | CVE-2018-16275 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Opswat Metadefender OPSWAT MetaDefender before v4.11.2 allows CSV injection. | 7.8 |
| 2018-08-28 | CVE-2018-15571 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users to CSV Project Export Users to CSV The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. | 8.6 |
| 2018-06-19 | CVE-2018-11526 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-19 | CVE-2018-11525 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Algolplus Advanced Order Export for Woocommerce The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-01 | CVE-2018-11652 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Cirt.Net Nikto 2.1.6 CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | 9.8 |
| 2018-05-01 | CVE-2018-10258 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codeslab Shopy Point of Sale 1.0 A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
| 2018-05-01 | CVE-2018-10257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2 A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |