CVE-2022-26867

CVSS v3 Score: 8.0 (High)
CVSS v2 Score: 6.0 (Medium)

Vulnerability Description

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.

CVSS:8.0(High)

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

CVSS:8.0(High)

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue.

CVSS:8.0(High)

LiteCart through 2.2.1 allows CSV injection via a customer's profile.

CVSS:8.0(High)

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Man...

CVSS:8.0(High)

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue.

CVSS:8.0(High)

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module ...