Improper Neutralization of Formula Elements in a CSV File
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-18 | CVE-2020-13146 | Improper Neutralization of Formula Elements in a CSV File vulnerability in EDX Open EDX Platform 2.5: Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. | 8.8 |
2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1: Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |
2020-04-05 | CVE-2020-11548 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Search Meter Project Search Meter: The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. | 9.8 |
2020-04-01 | CVE-2020-7947 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Auth0 Login BY Auth0: An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | 9.8 |
2020-03-18 | CVE-2019-19676 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Arxes-Tolina 3.0.0: A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. | 9.6 |
2020-03-16 | CVE-2020-9347 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO: Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. | 9.8 |
2020-03-12 | CVE-2020-10460 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Chadhaajay PHPkb 9.0: admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data. | 4.9 |
2020-03-04 | CVE-2020-9372 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar: The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. | 7.8 |
2020-02-28 | CVE-2020-9466 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users to CSV Project Export Users to CSV: The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. | 6.1 |
2020-02-25 | CVE-2020-9017 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Litecart: LiteCart through 2.2.1 allows CSV injection via a customer's profile. | 8.0 |