CWE-1236: Improper Neutralization of Formula Elements in a CSV File
297 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-1236 (page 4 of 6)
- CVE-2022-3600 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-11-21
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection.
- CVE-2022-3603 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-11-28
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.
- CVE-2022-3604 | HIGH | CVSS 7.8 | EG 7.8 | 2024-01-16
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection.
- CVE-2022-3605 | HIGH | CVSS 7.8 | EG 7.8 | 2022-12-12
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.
- CVE-2022-3634 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-11-21
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.
- CVE-2022-37786 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-01-01
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.
- CVE-2022-37905 | MEDIUM | CVSS 6.6 | EG 8.8 | 2022-12-12
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underl…
- CVE-2022-38061 | MEDIUM | CVSS 6.2 | EG 5.7 | 2022-09-23
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.
- CVE-2022-38702 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0.
- CVE-2022-38844 | HIGH | CVSS 8.0 | EG 8.0 | 2022-09-16
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up execu…
- CVE-2022-38845 | MEDIUM | CVSS 6.1 | EG 6.1 | 2022-09-16
Cross-Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importin…
- CVE-2022-40294 | HIGH | CVSS 8.8 | EG 8.8 | 2022-10-31
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
- CVE-2022-4034 | MEDIUM | CVSS 5.8 | EG 7.8 | 2022-11-29
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation t…
- CVE-2022-40472 | HIGH | CVSS 8.0 | EG 8.0 | 2022-09-29
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Cont…
- CVE-2022-41616 | HIGH | CVSS 7.6 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1.
- CVE-2022-41675 | HIGH | CVSS 8.0 | EG 8.0 | 2022-11-29
A remote attacker with general user privilege can inject malicious code in the form content of the Raiden MAILD Mail Server website. Other users who export form content as a CSV file can trigger arbitrary code execution and allow the attacker to per…
- CVE-2022-41791 | MEDIUM | CVSS 6.8 | EG 8.8 | 2022-11-17
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
- CVE-2022-42882 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8.
- CVE-2022-44738 | MEDIUM | CVSS 5.8 | EG 5.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3.
- CVE-2022-44830 | HIGH | CVSS 7.8 | EG 7.8 | 2022-11-21
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel…
- CVE-2022-45078 | MEDIUM | CVSS 5.9 | EG 7.2 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker. This issue affects User Blocker: from n/a through 1.5.5.
- CVE-2022-45348 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users. This issue affects amr users: from n/a through 4.59.4.
- CVE-2022-45350 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.
- CVE-2022-45357 | MEDIUM | CVSS 6.1 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75.
- CVE-2022-45360 | MEDIUM | CVSS 4.7 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails. This issue affects Commenter Emails: from n/a through 2.6.1.
- CVE-2022-45370 | MEDIUM | CVSS 6.1 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.
- CVE-2022-45810 | MEDIUM | CVSS 4.7 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express – Email Marketing, Newslett…
- CVE-2022-46408 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-06-29
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or dat…
- CVE-2022-46801 | MEDIUM | CVSS 6.1 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0.
- CVE-2022-46802 | MEDIUM | CVSS 6.1 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.
- CVE-2022-46803 | MEDIUM | CVSS 6.1 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5.
- CVE-2022-46804 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3.
- CVE-2022-46809 | MEDIUM | CVSS 6.1 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce. This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a thr…
- CVE-2022-46821 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail. This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22.
- CVE-2022-47442 | MEDIUM | CVSS 5.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a through 1.2.3.9.
- CVE-2023-0721 | HIGH | CVSS 8.3 | EG 8.3 | 2023-06-09
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can resul…
- CVE-2023-2258 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-24
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
- CVE-2023-22719 | MEDIUM | CVSS 4.7 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP. This issue affects GiveWP: from n/a through 2.25.1.
- CVE-2023-22877 | HIGH | CVSS 7.0 | EG 7.0 | 2023-08-28
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
- CVE-2023-23678 | MEDIUM | CVSS 4.0 | EG 7.2 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ). This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.
- CVE-2023-23796 | MEDIUM | CVSS 4.7 | EG 9.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.
- CVE-2023-25348 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-25
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.
- CVE-2023-25611 | MEDIUM | CVSS 4.0 | EG 7.3 | 2023-03-07
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet fo…
- CVE-2023-25983 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84.
- CVE-2023-2629 | HIGH | CVSS 7.8 | EG 7.8 | 2023-05-10
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
- CVE-2023-28958 | HIGH | CVSS 7.0 | EG 7.0 | 2023-07-10
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 2517…
- CVE-2023-29109 | MEDIUM | CVSS 4.4 | EG 4.6 | 2023-04-11
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Exc…
- CVE-2023-29918 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-05-02
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
- CVE-2023-31294 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-29
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.
- CVE-2023-31295 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-29
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.