How severe is CVE-2020-26507?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-26507?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2020-26507 - HIGH Severity | CVSS 7.8

Vulnerability Description

A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC.

Related Vulnerabilities

CVE-2018-10504

HIGH

CVSS:7.8(High)

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

CWE-12362018

CVE-2018-11525

HIGH

CVSS:7.8(High)

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

CWE-12362018

CVE-2018-11526

HIGH

CVSS:7.8(High)

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

CWE-12362018

CVE-2018-16275

HIGH

CVSS:7.8(High)

OPSWAT MetaDefender before v4.11.2 allows CSV injection.

CWE-12362018

CVE-2018-1774

HIGH

CVSS:7.8(High)

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by ...

CWE-12362018

CVE-2019-11819

HIGH

CVSS:7.8(High)

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

CWE-12362019