Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2018-12244 Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
network
symantec CWE-1236
6.8
2019-02-04 CVE-2018-20752 Improper Neutralization of Formula Elements in a CSV File vulnerability in Recon-Ng Project Recon-Ng
An issue was discovered in Recon-ng before 4.9.5.
network
low complexity
recon-ng-project CWE-1236
7.5
2018-11-09 CVE-2018-1774 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM API Connect
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator.
network
ibm CWE-1236
6.8
2018-09-07 CVE-2018-15474 Improper Neutralization of Formula Elements in a CSV File vulnerability in Dokuwiki
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export.
network
low complexity
dokuwiki CWE-1236
critical
9.6
2018-09-07 CVE-2018-16651 Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyfaq
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
network
low complexity
phpmyfaq CWE-1236
critical
9.0
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
6.8
2018-08-31 CVE-2018-16275 Improper Neutralization of Formula Elements in a CSV File vulnerability in Opswat Metadefender
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
network
opswat CWE-1236
6.8
2018-08-28 CVE-2018-15571 Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users TO CSV Project Export Users TO CSV
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
6.8
2018-06-19 CVE-2018-11526 Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
6.8
2018-06-19 CVE-2018-11525 Improper Neutralization of Formula Elements in a CSV File vulnerability in Algolplus Advanced Order Export
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
6.8