CVE-2024-3232

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-1236
View all →

Vulnerability Description

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

Related Vulnerabilities

CVE-2023-31294

HIGH
CVSS:7.5(High)

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.

CWE-12362023

CVE-2023-31295

HIGH
CVSS:7.5(High)

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.

CWE-12362023

CVE-2023-3493

HIGH
CVSS:7.7(High)

Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CWE-12362023

CVE-2018-10504

HIGH
CVSS:7.8(High)

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

CWE-12362018

CVE-2018-11525

HIGH
CVSS:7.8(High)

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

CWE-12362018

CVE-2018-11526

HIGH
CVSS:7.8(High)

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

CWE-12362018