VYPR

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Abstraction: Base | Status: Incomplete

Description

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
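As an added illustration, not part of the CWE entry or of any project listed below: a minimal Python CSV export that reproduces the vulnerable pattern (user data written verbatim) beside a hardened one that neutralizes formula triggers. The sample rows, the function names and the neutralization policy (single-quote prefix, leading-space check, numeric exemption) are this example's own assumptions, following the OWASP CSV injection guidance rather than any one vendor's fix.

```python
import csv
import io

# Leading characters that Excel, LibreOffice Calc and Google Sheets treat as
# the start of a formula (=, +, -, @) or that can break a cell/row apart on
# import (tab, carriage return). This is the OWASP CSV injection list.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """Return True if a spreadsheet would evaluate `value` rather than show it.

    Leading spaces are ignored because importers can trim them, which would
    otherwise let "  @SUM(1+1)" slip past a naive startswith() check.
    Plain numbers such as "-5" or "+3.5" are exempt: they start with a
    trigger character but are parsed as numbers, and escaping them would
    corrupt every negative value in a numeric column.
    """
    stripped = value.lstrip(" ")
    if not stripped.startswith(FORMULA_TRIGGERS):
        return False
    try:
        float(stripped)
        return False
    except ValueError:
        return True


def neutralize_cell(value) -> str:
    """Neutralize one cell for CSV export by prefixing a single quote.

    The apostrophe makes the spreadsheet store the cell as text. Excel hides
    it; some other tools display it, which is the accepted trade-off. Double
    quotes inside the value are handled by csv.writer (doubled), so an
    attacker cannot terminate the quoted field early.
    """
    text = "" if value is None else str(value)
    if is_formula_like(text):
        text = "'" + text
    return text


def export_csv(rows, harden: bool) -> str:
    """Serialize rows to CSV text.

    harden=False reproduces the vulnerable pattern (user data written
    verbatim); harden=True passes every cell through neutralize_cell().
    QUOTE_ALL keeps embedded delimiters and newlines from splitting a cell,
    but quoting alone does NOT stop formula evaluation, which is why the
    prefix is still required.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        cells = ["" if c is None else str(c) for c in row]
        if harden:
            cells = [neutralize_cell(c) for c in cells]
        writer.writerow(cells)
    return buf.getvalue()


# Constructed sample (not taken from any CVE record): a ticket export in which
# one requestor name carries a DDE payload of the shape quoted in the Tendenci
# entry on this page, and another hides a formula behind leading spaces.
SAMPLE_ROWS = [
    ["id", "requestor", "balance"],
    [1, "alice", "-5"],
    [2, "=cmd|' /C calc'!A0", "12.50"],
    [3, "  @SUM(1+1)", "0"],
]

if __name__ == "__main__":
    print("--- vulnerable export ---")
    print(export_csv(SAMPLE_ROWS, harden=False))
    print("--- hardened export ---")
    print(export_csv(SAMPLE_ROWS, harden=True))
```

The check is deliberately done at export time, not at input time: the same value may be rendered safely in HTML and only become dangerous once it lands in a CSV, and input-time filtering misses data that entered through other paths (imports, APIs, HTTP headers as in the Nikto entry below).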

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (117)

page 5 of 6
  • CVE-2026-41073 | Medium | May 22, 2026
    risk 0.23 | CVSS 4.6 | EPSS 0.00

    RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output…

  • CVE-2025-11576 | Medium | Oct 24, 2025
    risk 0.21 | CVSS 4.3 | EPSS 0.00

    The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This…

  • CVE-2025-11254 | Medium | Oct 11, 2025
    risk 0.21 | CVSS 4.3 | EPSS 0.00

    The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into…

  • CVE-2025-7061 | Low | Jul 4, 2025
    risk 0.18 | CVSS 2.7 | EPSS 0.00

    A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2025-61873 | Low | Jan 16, 2026
    risk 0.17 | CVSS 2.6 | EPSS 0.00

    Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

  • CVE-2025-1421 | Low | May 21, 2025
    risk 0.16 | CVSS n/a | EPSS 0.00

    Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access…

  • CVE-2018-11652 | Critical | Jun 1, 2018
    risk 0.05 | CVSS 9.8 | EPSS 0.25

    CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

  • CVE-2023-29918 | May 2, 2023
    risk 0.03 | CVSS n/a | EPSS 0.02

    RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.

  • CVE-2026-47693 | Jun 8, 2026
    risk 0.00 | CVSS n/a | EPSS 0.00

    Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters (=, +, -,…

  • CVE-2025-67851 | Feb 3, 2026
    risk 0.00 | CVSS n/a | EPSS 0.00

    A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute.…

  • CVE-2020-36962 | Jan 28, 2026
    risk 0.00 | CVSS n/a | EPSS 0.11

    Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary…

  • CVE-2023-53929 | Dec 17, 2025
    risk 0.00 | CVSS n/a | EPSS 0.00

    phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user…

  • CVE-2025-62417 | Oct 16, 2025
    risk 0.00 | CVSS n/a | EPSS 0.00

    Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as…

  • CVE-2025-55745 | Aug 22, 2025
    risk 0.00 | CVSS n/a | EPSS 0.01

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious…

  • CVE-2024-55532 | Mar 3, 2025
    risk 0.00 | CVSS n/a | EPSS 0.01

    Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

  • CVE-2024-27321 | Sep 12, 2024
    risk 0.00 | CVSS n/a | EPSS 0.00

    An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file…

  • CVE-2024-27320 | Sep 12, 2024
    risk 0.00 | CVSS n/a | EPSS 0.00

    An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing…

  • CVE-2023-50448 | Dec 28, 2023
    risk 0.00 | CVSS n/a | EPSS 0.01

    In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.

  • CVE-2023-51763 | Dec 24, 2023
    risk 0.00 | CVSS n/a | EPSS 0.01

    csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.

  • CVE-2023-4006 | Jul 31, 2023
    risk 0.00 | CVSS n/a | EPSS 0.01

    Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.