Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-01 | CVE-2018-10255 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Clustercoding Blog Master PRO 1.0.0 A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
| 2018-04-27 | CVE-2018-10504 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 7.8 |
| 2018-04-19 | CVE-2018-9137 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Open-Audit 2.1 Open-AudIT before 2.2 has CSV Injection. | 6.8 |
| 2018-04-18 | CVE-2018-8092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mautic Mautic before 2.13.0 allows CSV injection. | 9.8 |
| 2018-04-04 | CVE-2018-9035 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Contact-Form-7-To-Database-Extension Project Contact-Form-7-To-Database-Extension 2.10.30/2.10.31/2.10.32 CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. | 9.6 |
| 2018-03-28 | CVE-2018-9107 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acymailing CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | 8.8 |
| 2018-03-28 | CVE-2018-9106 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acysms CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | 8.8 |
| 2018-02-21 | CVE-2018-7304 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Tiki 17.1 Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation. | 8.8 |