CVE-2021-25960

CVSS v3 Score: 8.0 (High)
CVSS v2 Score: 6.0 (Medium)

Vulnerability Description

SuiteCRM v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can use the accounts module to inject payloads into its input fields. When an administrator accesses the accounts module, exports the data as a CSV file, and opens it, the payload is executed. The issue was not fixed properly as part of CVE-2020-15301, which allows the attacker to bypass that security measure.

CVSS:8.0(High)

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

CVSS:8.0(High)

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue.

CVSS:8.0(High)

LiteCart through 2.2.1 allows CSV injection via a customer's profile.

CVSS:8.0(High)

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Man...

CVSS:8.0(High)

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue.

CVSS:8.0(High)

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a sp...