CWE-1236
Improper Neutralization of Formula Elements in a CSV File
Description
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
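The following is an added example, not code from the CWE entry or from any vendor listed below. It shows the defect and its fix side by side in Python: a CSV export that quotes every cell with `csv.QUOTE_ALL` but leaves a leading `=`, `+`, `-`, `@`, tab or carriage return intact is still vulnerable, because the spreadsheet strips the quotes and then evaluates the cell. The hardened path prefixes such cells with a single quote (the OWASP recommendation) and validates columns declared numeric instead of prefixing them. The `neutralize_csv_field`, `export_rows` and `format_number` names, the numeric regex, and the customer rows are assumptions made for the example; the payload string is the one quoted in the CVE-2018-7304 description.

```python
"""Neutralizing formula elements before writing untrusted values to CSV.

Added example (not from the CWE entry or any listed vendor). Function names,
the numeric-column regex and the sample rows are assumptions for the demo.
"""
import csv
import io
import re

# Characters that make a spreadsheet evaluate a cell instead of displaying it
# when they appear at its start. Tab and CR are included because some
# spreadsheet products skip them and interpret what follows.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Assumed shape for a numeric column: optional sign, digits, optional decimals.
NUMBER_RE = re.compile(r"^-?\d+(\.\d+)?$")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it.

    Leading spaces are stripped before the check (assumption: conservative),
    so ' =1+1' is treated the same as '=1+1'.
    """
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def passthrough(value) -> str:
    """The vulnerable behaviour: the value goes into the file unchanged."""
    return "" if value is None else str(value)


def neutralize_csv_field(value) -> str:
    """Return a CSV-safe cell for an untrusted free-text value.

    A formula-like cell is prefixed with a single quote so the spreadsheet
    stores it as text. The csv writer then wraps the cell in double quotes and
    doubles any embedded double quote, so the quote cannot close the cell early.
    """
    text = passthrough(value)
    return "'" + text if is_formula_like(text) else text


def format_number(value) -> str:
    """Typed columns are validated, not quoted: a legitimate '-12.50' keeps its
    sign, and anything that is not a number is rejected rather than exported."""
    text = passthrough(value).strip()
    if text and not NUMBER_RE.fullmatch(text):
        raise ValueError(f"non-numeric value in numeric column: {text!r}")
    return text


def export_rows(rows, fieldnames, numeric_fields=(), neutralize=True) -> str:
    """Render rows to CSV text.

    neutralize=False reproduces the vulnerable export: csv.QUOTE_ALL quotes
    every value, but a leading '=' survives and is evaluated on open.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        out = {}
        for key in fieldnames:
            value = row.get(key)
            if key in numeric_fields:
                out[key] = format_number(value)
            else:
                out[key] = neutralize_csv_field(value) if neutralize else passthrough(value)
        writer.writerow(out)
    return buf.getvalue()


# Constructed sample rows; the second "name" is the payload from CVE-2018-7304.
SAMPLE_ROWS = [
    {"name": "Alice Example", "email": "alice@example.test", "balance": "-12.50"},
    {"name": "=cmd|' /C calc'!A0", "email": "evil@example.test", "balance": "0"},
    {"name": "@SUM(1+1)*cmd|' /C calc'!A0", "email": "x@example.test", "balance": "100"},
]
FIELDS = ["name", "email", "balance"]


if __name__ == "__main__":
    print("--- vulnerable export (quoted, but formulas intact) ---")
    print(export_rows(SAMPLE_ROWS, FIELDS, neutralize=False))
    print("--- neutralized export (balance validated as numeric) ---")
    print(export_rows(SAMPLE_ROWS, FIELDS, numeric_fields=("balance",)))
```

Two caveats a reviewer of such an export should keep in mind: the single-quote prefix is shown literally by some spreadsheet products, so a user-facing export may prefer a typed column or a rejection at input time where the field has a known format; and neutralizing at export is the only reliable place to do it, since input validation on one form does not cover values that reach the same export through APIs, imports or database edits.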
Hierarchy (View 1000)
Parents
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Children
none
CVEs mapped to this weakness (117)
page 1 of 6

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9035 | | Critical | 0.66 | 9.6 | 0.08 | | Apr 4, 2018 | CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. |
| CVE-2024-29375 | | Critical | 0.65 | 9.8 | 0.01 | | Apr 4, 2024 | CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. |
| CVE-2026-31049 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 14, 2026 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field. |
| CVE-2021-47901 | | Critical | 0.64 | 9.8 | 0.00 | | Jan 27, 2026 | Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the… |
| CVE-2018-15474 | | Critical | 0.63 | 9.6 | 0.03 | | Sep 7, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the… |
| CVE-2018-10258 | | High | 0.61 | 8.8 | 0.08 | | May 1, 2018 | A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. |
| CVE-2018-10257 | | High | 0.61 | 8.8 | 0.04 | | May 1, 2018 | A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. |
| CVE-2018-10255 | | High | 0.61 | 8.8 | 0.07 | | May 1, 2018 | A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. |
| CVE-2018-9107 | | High | 0.61 | 8.8 | 0.07 | | Mar 28, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. |
| CVE-2018-9106 | | High | 0.61 | 8.8 | 0.06 | | Mar 28, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. |
| CVE-2026-5242 | | High | 0.57 | 8.8 | 0.00 | | Jun 15, 2026 | Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. |
| CVE-2023-54348 | | High | 0.57 | 8.8 | 0.00 | | May 5, 2026 | ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas… |
| CVE-2025-50572 | | High | 0.57 | 8.8 | 0.00 | | Jul 31, 2025 | Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report… |
| CVE-2024-53555 | | High | 0.57 | 8.8 | 0.01 | | Nov 26, 2024 | A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. |
| CVE-2023-25983 | | High | 0.57 | 8.8 | 0.01 | | Nov 7, 2023 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84. |
| CVE-2018-8092 | | Critical | 0.57 | 9.8 | 0.02 | | Apr 18, 2018 | Mautic before 2.13.0 allows CSV injection. |
| CVE-2018-7304 | | High | 0.57 | 8.8 | 0.01 | | Feb 21, 2018 | Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd\|' /C calc'!A0" payload during User Creation. |
| CVE-2018-16308 | | High | 0.56 | 8.6 | 0.02 | | Sep 1, 2018 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. |
| CVE-2018-15571 | | High | 0.56 | 8.6 | 0.01 | | Aug 28, 2018 | The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. |
| CVE-2023-0721 | | High | 0.54 | 8.3 | 0.01 | | Jun 9, 2023 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are… |