Unrated severityOSV Advisory· Published Jan 28, 2026· Updated Mar 5, 2026
Tendenci 12.3.1 - CSV/ Formula Injection
CVE-2020-36962
Description
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/49145mitreexploit
- www.vulncheck.com/advisories/tendenci-csv-formula-injectionmitrethird-party-advisory
- www.tendenci.commitreproduct
News mentions
0No linked articles in our index yet.