
CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Base · Incomplete

Description

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (117)

page 1 of 6
  • CVE-2018-9035 · Critical · Apr 4, 2018
    risk 0.66 · cvss 9.6 · epss 0.08

    CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.

  • CVE-2024-29375 · Critical · Apr 4, 2024
    risk 0.65 · cvss 9.8 · epss 0.01

    CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.

  • CVE-2026-31049 · Critical · Apr 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field.

  • CVE-2021-47901 · Critical · Jan 27, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the…

  • CVE-2018-15474 · Critical · Sep 7, 2018
    risk 0.63 · cvss 9.6 · epss 0.03

    CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the…

  • CVE-2018-10258 · High · May 1, 2018
    risk 0.61 · cvss 8.8 · epss 0.08

    A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

  • CVE-2018-10257 · High · May 1, 2018
    risk 0.61 · cvss 8.8 · epss 0.04

    A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

  • CVE-2018-10255 · High · May 1, 2018
    risk 0.61 · cvss 8.8 · epss 0.07

    A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

  • CVE-2018-9107 · High · Mar 28, 2018
    risk 0.61 · cvss 8.8 · epss 0.07

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

  • CVE-2018-9106 · High · Mar 28, 2018
    risk 0.61 · cvss 8.8 · epss 0.06

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.

  • CVE-2026-5242 · High · Jun 15, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

  • CVE-2023-54348 · High · May 5, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas…

  • CVE-2025-50572 · High · Jul 31, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report…

  • CVE-2024-53555 · High · Nov 26, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.

  • CVE-2023-25983 · High · Nov 7, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84.

  • CVE-2018-8092 · Critical · Apr 18, 2018
    risk 0.57 · cvss 9.8 · epss 0.02

    Mautic before 2.13.0 allows CSV injection.

  • CVE-2018-7304 · High · Feb 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.

  • CVE-2018-16308 · High · Sep 1, 2018
    risk 0.56 · cvss 8.6 · epss 0.02

    The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.

  • CVE-2018-15571 · High · Aug 28, 2018
    risk 0.56 · cvss 8.6 · epss 0.01

    The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.

  • CVE-2023-0721 · High · Jun 9, 2023
    risk 0.54 · cvss 8.3 · epss 0.01

    The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are…