CVE-2020-16214

MEDIUM Year: 2020
CVSS v3 Score
5.0
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.

Related Vulnerabilities

CVE-2023-2629

MEDIUM
CVSS:5.0(Medium)

Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.

CWE-12362023

CVE-2020-10460

MEDIUM
CVSS:4.9(Medium)

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.

CWE-12362020

CVE-2020-9205

MEDIUM
CVSS:4.9(Medium)

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input ...

CWE-12362020

CVE-2019-6182

MEDIUM
CVSS:4.8(Medium)

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event...

CWE-12362019

CVE-2020-28861

MEDIUM
CVSS:5.3(Medium)

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensi...

CWE-12362020

CVE-2023-31296

MEDIUM
CVSS:5.3(Medium)

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.

CWE-12362023