CWE-1236 — Improper Neutralization of Formula Elements in a CSV File
241 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-1236 (page 1 of 5)
- CVE-2018-10255 | HIGH | CVSS 8.8 | 2018-05-01
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
- CVE-2018-10257 | HIGH | CVSS 8.8 | 2018-05-01
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
- CVE-2018-10258 | HIGH | CVSS 8.8 | 2018-05-01
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
- CVE-2018-10504 | HIGH | CVSS 7.8 | 2018-04-27
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
- CVE-2018-11525 | HIGH | CVSS 7.8 | 2018-06-19
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
- CVE-2018-11526 | HIGH | CVSS 7.8 | 2018-06-19
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
- CVE-2018-11652 | CRITICAL | CVSS 9.8 | 2018-06-01
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
- CVE-2018-12244 | MEDIUM | CVSS 6.3 | 2019-04-25
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrust…
- CVE-2018-15474 | CRITICAL | CVSS 9.6 | 2018-09-07
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is…
- CVE-2018-15571 | HIGH | CVSS 8.6 | EG 8.6 | 2018-08-28
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
- CVE-2018-16275 | HIGH | CVSS 7.8 | 2018-08-31
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
- CVE-2018-16308 | HIGH | CVSS 8.6 | 2018-09-01
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
- CVE-2018-16651 | HIGH | CVSS 7.2 | 2018-09-07
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
- CVE-2018-1774 | HIGH | CVSS 8.9 | 2018-11-09
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 14869…
- CVE-2018-19855 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-08-08
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
- CVE-2018-20468 | HIGH | CVSS 8.8 | 2019-06-17
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exporte…
- CVE-2018-20752 | CRITICAL | CVSS 9.8 | 2019-02-04
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitiz…
- CVE-2018-7201 | HIGH | CVSS 8.8 | EG 8.8 | 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
- CVE-2018-7304 | HIGH | CVSS 8.8 | 2018-02-21
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" pay…
- CVE-2018-8092 | CRITICAL | CVSS 9.8 | 2018-04-18
Mautic before 2.13.0 allows CSV injection.
- CVE-2018-9035 | CRITICAL | CVSS 9.6 | 2018-04-04
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
- CVE-2018-9106 | HIGH | CVSS 8.8 | 2018-03-28
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.
- CVE-2018-9107 | HIGH | CVSS 8.8 | 2018-03-28
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
- CVE-2018-9137 | MEDIUM | CVSS 6.8 | 2018-04-19
Open-AudIT before 2.2 has CSV Injection.
- CVE-2019-0403 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-12-11
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
- CVE-2019-11275 | MEDIUM | CVSS 4.3 | EG 4.3 | 2019-10-01
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability whe…
- CVE-2019-11819 | HIGH | CVSS 7.8 | 2019-05-08
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
- CVE-2019-11872 | HIGH | CVSS 8.8 | 2019-05-29
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on…
- CVE-2019-12134 | HIGH | CVSS 8.8 | 2019-06-06
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.
- CVE-2019-12765 | CRITICAL | CVSS 9.8 | 2019-06-11
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
- CVE-2019-12961 | HIGH | CVSS 8.8 | 2019-06-25
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
- CVE-2019-13144 | CRITICAL | CVSS 9.8 | 2019-07-05
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5.
- CVE-2019-13181 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-12-16
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
- CVE-2019-14352 | HIGH | CVSS 7.8 | EG 7.8 | 2019-07-28
In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the re…
- CVE-2019-14749 | HIGH | CVSS 8.8 | EG 8.8 | 2019-08-07
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input…
- CVE-2019-15092 | HIGH | CVSS 7.3 | EG 7.3 | 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExp…
- CVE-2019-16120 | HIGH | CVSS 8.8 | EG 8.8 | 2019-09-08
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
- CVE-2019-16184 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-09-09
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
- CVE-2019-16959 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-12-21
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
- CVE-2019-17661 | HIGH | CVSS 8.8 | EG 8.8 | 2019-11-08
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a us…
- CVE-2019-19676 | CRITICAL | CVSS 9.6 | EG 9.6 | 2020-03-18
A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can crea…
- CVE-2019-20002 | HIGH | CVSS 7.8 | EG 7.8 | 2020-04-27
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by …
- CVE-2019-20180 | MEDIUM | CVSS 6.8 | EG 6.8 | 2020-01-09
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.
- CVE-2019-20184 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-09
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
- CVE-2019-4071 | HIGH | CVSS 8.8 | 2019-05-09
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force …
- CVE-2019-4364 | HIGH | CVSS 8.0 | 2019-06-19
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.
- CVE-2019-4521 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-12-10
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
- CVE-2019-6182 | MEDIUM | CVSS 4.9 | EG 4.9 | 2019-09-03
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted…
- CVE-2019-6187 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-11-20
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that coul…
- CVE-2020-10131 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-06
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.