Critical severity9.6OSV Advisory· Published Sep 7, 2018· Updated Jun 17, 2026
CVE-2018-15474
CVE-2018-15474
Description
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/splitbrain/dokuwiki/issues/2450nvdExploitIssue TrackingThird Party Advisory
- seclists.org/fulldisclosure/2018/Sep/4nvdExploitMailing ListThird Party Advisory
- www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/nvdExploitThird Party Advisory
- www.patreon.com/posts/unfixed-security-21250652nvd
News mentions
0No linked articles in our index yet.