CVE-2020-10780

CVSS v3 Score: 6.3 (Medium)
CVSS v2 Score: 4.9 (Medium)

Vulnerability Description

Red Hat CloudForms 4.7 and 5 are affected by a CSV injection flaw: a crafted payload stays dormant until a victim exports the data as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is not strictly a flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.

CVSS:6.3(Medium)

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby a...

CVSS:6.3(Medium)

An improper neutralization of formula elements in a CSV file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows an attacker to execute arbitrary commands via crafted IPv4 field in p...

CVSS:6.3(Medium)

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Baseke...

CVSS:6.2(Medium)

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements t...

CVSS:6.5(Medium)

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CVSS:6.5(Medium)

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.