Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-04 | CVE-2018-9035 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Contact-Form-7-To-Database-Extension Project Contact-Form-7-To-Database-Extension CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. | 6.8 |
2018-03-28 | CVE-2018-9107 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acymailing CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | 6.8 |
2018-03-28 | CVE-2018-9106 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acysms CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | 6.8 |
2018-02-21 | CVE-2018-7304 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Tiki 17.1 Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation. | 6.5 |