CVE-2023-50448

CVSS v3 Score: 6.5 (Medium)

Vulnerability Description

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.

CVSS:6.5(Medium)

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CVSS:6.5(Medium)

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

CVSS:6.5(Medium)

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC...

CVSS:6.5(Medium)

IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. ...

CVSS:6.5(Medium)

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 befo...

CVSS:6.5(Medium)

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's ...