CVE-2022-37786

MEDIUM Year: 2022
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.

Related Vulnerabilities

CVE-2018-12244

MEDIUM
CVSS:6.3(Medium)

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby a...

CWE-12362018

CVE-2020-10780

MEDIUM
CVSS:6.3(Medium)

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula e...

CWE-12362020

CVE-2021-24016

MEDIUM
CVSS:6.3(Medium)

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in p...

CWE-12362021

CVE-2021-39022

MEDIUM
CVSS:6.2(Medium)

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements t...

CWE-12362021

CVE-2019-13181

MEDIUM
CVSS:6.5(Medium)

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CWE-12362019

CVE-2019-16959

MEDIUM
CVSS:6.5(Medium)

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

CWE-12362019