CVE-2022-22121

HIGH Year: 2022
CVSS v3 Score
8.0
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.

Related Vulnerabilities

CVE-2020-22277

HIGH
CVSS:8.0(High)

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

CWE-12362020

CVE-2020-36503

HIGH
CVSS:8.0(High)

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue

CWE-12362020

CVE-2020-9017

HIGH
CVSS:8.0(High)

LiteCart through 2.2.1 allows CSV injection via a customer's profile.

CWE-12362020

CVE-2021-23286

HIGH
CVSS:8.0(High)

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Man...

CWE-12362021

CVE-2021-24441

HIGH
CVSS:8.0(High)

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue

CWE-12362021

CVE-2021-25960

HIGH
CVSS:8.0(High)

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module ...

CWE-12362021