Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-12 | CVE-2024-24337 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Koha CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | 8.0 |
| 2024-02-06 | CVE-2023-47022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in NCR Terminal Handler 1.5.1 Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | 6.5 |
| 2024-01-16 | CVE-2022-3604 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | 7.8 |
| 2023-12-29 | CVE-2023-31295 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | 7.5 |
| 2023-12-29 | CVE-2023-31296 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 5.3 |
| 2023-12-29 | CVE-2023-31294 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | 7.5 |
| 2023-12-28 | CVE-2023-50448 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Activeadmin In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | 6.5 |
| 2023-12-24 | CVE-2023-51763 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Activeadmin Active Admin csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | 9.8 |
| 2023-12-07 | CVE-2023-48207 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | 8.8 |
| 2023-11-28 | CVE-2023-42004 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.3/11.4/11.5 IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. | 8.8 |