CVE-2023-28958

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-1236
View all →

Vulnerability Description

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.

Related Vulnerabilities

CVE-2018-10504

HIGH
CVSS:7.8(High)

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

CWE-12362018

CVE-2018-11525

HIGH
CVSS:7.8(High)

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

CWE-12362018

CVE-2018-11526

HIGH
CVSS:7.8(High)

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

CWE-12362018

CVE-2018-1774

HIGH
CVSS:7.8(High)

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by ...

CWE-12362018

CVE-2019-11819

HIGH
CVSS:7.8(High)

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

CWE-12362019