admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input ...
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neut...
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event...
PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on La...
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An autho...