Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-21 | CVE-2020-22390 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Akaunting Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. | 8.8 |
| 2021-05-13 | CVE-2021-22153 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Blackberry Unified Endpoint Management A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user. | 7.3 |
| 2021-04-27 | CVE-2021-29667 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. | 7.8 |
| 2021-03-18 | CVE-2021-24144 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ciphercoin Contact Form 7 Database Addon Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. | 7.8 |
| 2021-03-03 | CVE-2021-27839 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bigprof Online Invoicing System A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. | 4.4 |
| 2021-02-26 | CVE-2021-21302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 7.2 |
| 2021-02-06 | CVE-2020-9205 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Huawei Manageone 8.0.1 There has a CSV injection vulnerability in ManageOne 8.0.1. | 4.9 |
| 2021-01-26 | CVE-2021-3188 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPlist 3.6.0 phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | 9.8 |
| 2020-12-24 | CVE-2020-9200 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Huawei Imanager Neteco 6000 V600R021C00 There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. | 7.8 |
| 2020-12-21 | CVE-2019-16959 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | 6.5 |