CWE-1236— Improper Neutralization of Formula Elements in a CSV File
297 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1236page 6 of 6
- CVE-2024-47485CRITICALCVSS 9.8EG 9.82024-10-18
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file.
- CVE-2024-47572CRITICALCVSS 9.0EG 9.02025-01-14
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file
- CVE-2024-51094HIGHCVSS 8.0EG 8.02024-11-12
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data…
- CVE-2024-53260MEDIUMCVSS 6.8EG 6.82024-11-27
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and …
- CVE-2024-53555HIGHCVSS 8.8EG 8.82024-11-26
A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.
- CVE-2024-53921LOWCVSS 2.8EG 2.82024-12-03
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.
- CVE-2024-55532CRITICALCVSS 9.8EG 9.82025-03-03
Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.
- CVE-2024-9102MEDIUMCVSS 5.0EG 0.02024-12-19
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpr…
- CVE-2025-11254MEDIUMCVSS 4.3EG 4.32025-10-11
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attacke…
- CVE-2025-11279MEDIUMCVSS 5.5EG 5.52025-10-05
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be…
- CVE-2025-11498MEDIUMCVSS 6.1EG 6.12025-10-14
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file…
- CVE-2025-11576MEDIUMCVSS 4.3EG 4.32025-10-24
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_cha…
- CVE-2025-12249MEDIUMCVSS 6.3EG 6.32025-10-27
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possi…
- CVE-2025-13133MEDIUMCVSS 6.6EG 6.62025-11-18
The Simple User Import Export plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.1.7 via the 'Import/export users' function. This makes it possible for authenticated attackers, with Administrator-le…
- CVE-2025-1421LOWCVSS 2.4EG 0.02025-05-21
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Exce…
- CVE-2025-14229MEDIUMCVSS 4.7EG 4.72025-12-08
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launc…
- CVE-2025-1836MEDIUMCVSS 4.3EG 4.32025-03-02
A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possib…
- CVE-2025-35033MEDIUMCVSS 4.1EG 4.12025-09-29
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14.
- CVE-2025-39245MEDIUMCVSS 4.7EG 4.72025-08-29
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
- CVE-2025-4546MEDIUMCVSS 4.7EG 4.72025-05-11
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The a…
- CVE-2025-50572HIGHCVSS 8.8EG 8.82025-07-31
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accep…
- CVE-2025-51735HIGHCVSS 7.5EG 7.52025-11-28
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
- CVE-2025-52386MEDIUMCVSS 5.4EG 5.42025-08-13
CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file
- CVE-2025-54752MEDIUMCVSS 6.5EG 6.52025-07-31
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be …
- CVE-2025-55745HIGHCVSS 8.8EG 8.82025-08-22
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability…
- CVE-2025-56267CRITICALCVSS 9.8EG 9.82025-09-08
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.
- CVE-2025-58855HIGHCVSS 7.1EG 7.12025-09-05
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through <= 1.4.
- CVE-2025-60852MEDIUMCVSS 6.5EG 6.52025-10-23
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV export…
- CVE-2025-61873LOWCVSS 2.6EG 2.62026-01-16
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
- CVE-2025-62417HIGHCVSS 7.8EG 7.82025-10-16
Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the…
- CVE-2025-66834HIGHCVSS 7.3EG 7.32025-12-30
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.
- CVE-2025-67851MEDIUMCVSS 6.1EG 6.12026-02-03
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet…
- CVE-2025-6838MEDIUMCVSS 4.1EG 4.12025-07-11
The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level a…
- CVE-2025-7061LOWCVSS 2.7EG 2.72025-07-04
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated …
- CVE-2025-8767MEDIUMCVSS 4.8EG 4.82025-08-12
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attacke…
- CVE-2025-8808MEDIUMCVSS 4.3EG 4.32025-08-10
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The man…
- CVE-2025-9241MEDIUMCVSS 6.3EG 6.32025-08-20
A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be …
- CVE-2026-10248MEDIUMCVSS 4.7EG 4.72026-06-01
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplier Creation Interface. This manipulation …
- CVE-2026-23873CRITICALCVSS 9.0EG 9.02026-01-22
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admi…
- CVE-2026-24447MEDIUMCVSS 6.5EG 6.52026-02-04
If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's en…
- CVE-2026-27644MEDIUMCVSS 6.5EG 6.52026-05-05
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An at…
- CVE-2026-31049CRITICALCVSS 9.8EG 9.82026-04-14
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field
- CVE-2026-35157MEDIUMCVSS 5.8EG 5.82026-05-11
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could p…
- CVE-2026-39424MEDIUMCVSS 4.7EG 4.72026-04-14
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat histor…
- CVE-2026-41073MEDIUMCVSS 4.6EG 4.62026-05-22
RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanit…
- CVE-2026-42267MEDIUMCVSS 5.7EG 5.72026-05-08
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags and assign it to a timesheet. When an a…
- CVE-2026-9673MEDIUMCVSS 6.8EG 6.82026-05-28
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are ope…
Map vulnerabilities like CWE-1236 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1236 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →