CWE-1236

Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

CVE-2025-54752 (GCVE-0-2025-54752)
Vulnerability from cvelistv5
Published
2025-07-31 07:21
Modified
2025-07-31 15:44
CWE
  • CWE-1236 - Improper neutralization of formula elements in a CSV file
Summary
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.
Impacted products
Vendor Product Version
Alfasado Inc. PowerCMS Version: 6.7 and earlier (PowerCMS 6.x series)
Create a notification for this product.
   Alfasado Inc. PowerCMS Version: 5.3 and earlier (PowerCMS 5.x series)
Create a notification for this product.
   Alfasado Inc. PowerCMS Version: 4.6 and earlier (PowerCMS 4.x series)
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-31T15:39:04.065052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T15:44:45.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PowerCMS",
          "vendor": "Alfasado Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.7 and earlier (PowerCMS 6.x series)"
            }
          ]
        },
        {
          "product": "PowerCMS",
          "vendor": "Alfasado Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.3 and earlier (PowerCMS 5.x series)"
            }
          ]
        },
        {
          "product": "PowerCMS",
          "vendor": "Alfasado Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.6 and earlier (PowerCMS 4.x series)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file.  If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user\u0027s environment, the embedded code may be executed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "Improper neutralization of formula elements in a CSV file",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-31T07:21:57.639Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.powercms.jp/news/release-powercms-671-531-461.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU93412964/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-54752",
    "datePublished": "2025-07-31T07:21:57.639Z",
    "dateReserved": "2025-07-30T05:36:44.305Z",
    "dateUpdated": "2025-07-31T15:44:45.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55745 (GCVE-0-2025-55745)
Vulnerability from cvelistv5
Published
2025-08-22 16:14
Modified
2025-08-22 20:03
CWE
  • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported CSV files. When the CSV file is opened in spreadsheet applications such as Microsoft Excel, the malicious input may be interpreted as a formula or command, potentially resulting in the execution of arbitrary code on the victim's device. Successful exploitation can lead to remote code execution, including the establishment of a reverse shell. Users are advised to upgrade to version 0.3.1 or later.
Impacted products
Vendor Product Version
unopim unopim Version: < 0.3.1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55745",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T20:02:44.930160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-22T20:03:01.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "unopim",
          "vendor": "unopim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported CSV files. When the CSV file is opened in spreadsheet applications such as Microsoft Excel, the malicious input may be interpreted as a formula or command, potentially resulting in the execution of arbitrary code on the victim\u0027s device. Successful exploitation can lead to remote code execution, including the establishment of a reverse shell. Users are advised to upgrade to version 0.3.1 or later."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T16:14:33.134Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx"
        },
        {
          "name": "https://github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34"
        }
      ],
      "source": {
        "advisory": "GHSA-74rg-6f92-g6wx",
        "discovery": "UNKNOWN"
      },
      "title": "UnoPim Quick Export feature is vulnerable to CSV injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55745",
    "datePublished": "2025-08-22T16:14:33.134Z",
    "dateReserved": "2025-08-14T22:31:17.685Z",
    "dateUpdated": "2025-08-22T20:03:01.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-58855 (GCVE-0-2025-58855)
Vulnerability from cvelistv5
Published
2025-09-05 13:45
Modified
2025-09-05 19:50
CWE
  • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin allows Reflected XSS. This issue affects AP HoneyPot WordPress Plugin: from n/a through 1.4.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58855",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-05T19:49:51.393010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-05T19:50:02.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "ap-honeypot",
          "product": "AP HoneyPot WordPress Plugin",
          "vendor": "Denis V (Artprima)",
          "versions": [
            {
              "lessThanOrEqual": "1.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nguyen Xuan Chien (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin allows Reflected XSS.\u003c/p\u003e\u003cp\u003eThis issue affects AP HoneyPot WordPress Plugin: from n/a through 1.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin allows Reflected XSS. This issue affects AP HoneyPot WordPress Plugin: from n/a through 1.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-591",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-591 Reflected XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-05T13:45:37.288Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/ap-honeypot/vulnerability/wordpress-ap-honeypot-wordpress-plugin-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress AP HoneyPot WordPress Plugin Plugin \u003c= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-58855",
    "datePublished": "2025-09-05T13:45:37.288Z",
    "dateReserved": "2025-09-05T10:49:57.446Z",
    "dateUpdated": "2025-09-05T19:50:02.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6838 (GCVE-0-2025-6838)
Vulnerability from cvelistv5
Published
2025-07-11 08:22
Modified
2025-07-11 15:25
CWE
  • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Impacted products
Vendor Product Version
apos37 Broken Link Notifier Version: *    1.3.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T15:25:04.831070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T15:25:30.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Broken Link Notifier",
          "vendor": "apos37",
          "versions": [
            {
              "lessThanOrEqual": "1.3.0",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonas Benjamin Friedli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T08:22:23.583Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd96beee-afcb-4439-ad9b-f24e8afeac3c?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3323864%40broken-link-notifier\u0026new=3323864%40broken-link-notifier\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-07T15:23:24.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-07-10T19:45:24.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Broken Link Notifier \u003c= 1.3.0 - Authenticated (Contributor+) CSV Injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-6838",
    "datePublished": "2025-07-11T08:22:23.583Z",
    "dateReserved": "2025-06-27T18:38:38.615Z",
    "dateUpdated": "2025-07-11T15:25:30.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7061 (GCVE-0-2025-7061)
Vulnerability from cvelistv5
Published
2025-07-04 12:32
Modified
2025-07-07 16:23
CWE
Summary
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.314836vdb-entry
https://vuldb.com/?ctiid.314836signature, permissions-required
https://vuldb.com/?submit.600881third-party-advisory
Impacted products
Vendor Product Version
Intelbras InControl Version: 2.21.60.0
Version: 2.21.60.1
Version: 2.21.60.2
Version: 2.21.60.3
Version: 2.21.60.4
Version: 2.21.60.5
Version: 2.21.60.6
Version: 2.21.60.7
Version: 2.21.60.8
Version: 2.21.60.9
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7061",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-07T16:23:15.540883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-07T16:23:17.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.600881"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InControl",
          "vendor": "Intelbras",
          "versions": [
            {
              "status": "affected",
              "version": "2.21.60.0"
            },
            {
              "status": "affected",
              "version": "2.21.60.1"
            },
            {
              "status": "affected",
              "version": "2.21.60.2"
            },
            {
              "status": "affected",
              "version": "2.21.60.3"
            },
            {
              "status": "affected",
              "version": "2.21.60.4"
            },
            {
              "status": "affected",
              "version": "2.21.60.5"
            },
            {
              "status": "affected",
              "version": "2.21.60.6"
            },
            {
              "status": "affected",
              "version": "2.21.60.7"
            },
            {
              "status": "affected",
              "version": "2.21.60.8"
            },
            {
              "status": "affected",
              "version": "2.21.60.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lorenzomoulin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Intelbras InControl bis 2.21.60.9 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /v1/operador/. Mittels dem Manipulieren mit unbekannten Daten kann eine csv injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CSV Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-04T12:32:04.865Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-314836 | Intelbras InControl operador csv injection",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.314836"
        },
        {
          "name": "VDB-314836 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.314836"
        },
        {
          "name": "Submit #600881 | Intelbras InControl 2.21.60.9 CSV Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.600881"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-07-04T08:06:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Intelbras InControl operador csv injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-7061",
    "datePublished": "2025-07-04T12:32:04.865Z",
    "dateReserved": "2025-07-04T06:01:33.147Z",
    "dateUpdated": "2025-07-07T16:23:17.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8767 (GCVE-0-2025-8767)
Vulnerability from cvelistv5
Published
2025-08-12 06:42
Modified
2025-08-12 20:07
CWE
  • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Impacted products
Vendor Product Version
anwppro AnWP Football Leagues Version: *    0.16.17
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T20:06:56.458368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T20:07:51.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AnWP Football Leagues",
          "vendor": "anwppro",
          "versions": [
            {
              "lessThanOrEqual": "0.16.17",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonas Benjamin Friedli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the \u0027download_csv_players\u0027 and \u0027download_csv_games\u0027 functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T06:42:40.577Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04676263-cdad-40cd-bb54-61beb727e09d?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/football-leagues-by-anwppro/trunk/includes/class-anwpfl-data-port.php#L93"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/football-leagues-by-anwppro/trunk/includes/class-anwpfl-data-port.php#L265"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/football-leagues-by-anwppro/trunk/includes/class-anwpfl-data-port.php#L58"
        },
        {
          "url": "http://plugins.trac.wordpress.org/changeset/3342787/football-leagues-by-anwppro/trunk/includes/class-anwpfl-data-port.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-08T19:24:04.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-08-11T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "AnWP Football Leagues \u003c= 0.16.17 - Authenticated (Administrator+) CSV Injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-8767",
    "datePublished": "2025-08-12T06:42:40.577Z",
    "dateReserved": "2025-08-08T18:17:14.475Z",
    "dateUpdated": "2025-08-12T20:07:51.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8808 (GCVE-0-2025-8808)
Vulnerability from cvelistv5
Published
2025-08-10 12:02
Modified
2025-08-12 15:36
CWE
Summary
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
https://vuldb.com/?id.319337vdb-entry, technical-description
https://vuldb.com/?ctiid.319337signature, permissions-required
https://vuldb.com/?submit.626673third-party-advisory
https://github.com/N1n3b9S/cve/issues/16exploit, issue-tracking
Impacted products
Vendor Product Version
xujeff tianti 天梯 Version: 2.0
Version: 2.1
Version: 2.2
Version: 2.3
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8808",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-11T15:15:28.786357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T15:36:53.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.jeff.tianti.controller"
          ],
          "product": "tianti \u5929\u68af",
          "vendor": "xujeff",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in xujeff tianti \u5929\u68af up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in xujeff tianti \u5929\u68af bis 2.3 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft die Funktion exportOrder der Datei /tianti-module-admin/user/ajax/save der Komponente com.jeff.tianti.controller. Durch das Manipulieren mit unbekannten Daten kann eine csv injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CSV Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-10T12:02:06.561Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319337 | xujeff tianti \u5929\u68af com.jeff.tianti.controller save exportOrder csv injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319337"
        },
        {
          "name": "VDB-319337 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319337"
        },
        {
          "name": "Submit #626673 | Tianti Project Tianti 2.3 CSV Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.626673"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/N1n3b9S/cve/issues/16"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-09T09:56:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "xujeff tianti \u5929\u68af com.jeff.tianti.controller save exportOrder csv injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8808",
    "datePublished": "2025-08-10T12:02:06.561Z",
    "dateReserved": "2025-08-09T07:51:06.464Z",
    "dateUpdated": "2025-08-12T15:36:53.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9241 (GCVE-0-2025-9241)
Vulnerability from cvelistv5
Published
2025-08-20 19:32
Modified
2025-08-20 20:21
CWE
Summary
A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
References
https://vuldb.com/?id.320774vdb-entry, technical-description
https://vuldb.com/?ctiid.320774signature, permissions-required
https://vuldb.com/?submit.631473third-party-advisory
https://github.com/elunez/eladmin/issues/886issue-tracking
https://github.com/elunez/eladmin/issues/886#issue-3307309824exploit, issue-tracking
Impacted products
Vendor Product Version
elunez eladmin Version: 2.0
Version: 2.1
Version: 2.2
Version: 2.3
Version: 2.4
Version: 2.5
Version: 2.6
Version: 2.7
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9241",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-20T20:21:29.641444Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-20T20:21:38.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "eladmin",
          "vendor": "elunez",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.6"
            },
            {
              "status": "affected",
              "version": "2.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ez-lbz (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited."
        },
        {
          "lang": "de",
          "value": "In elunez eladmin bis 2.7 wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion exportUser. Mittels Manipulieren mit unbekannten Daten kann eine csv injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CSV Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T19:32:05.488Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320774 | elunez eladmin exportUser csv injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.320774"
        },
        {
          "name": "VDB-320774 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320774"
        },
        {
          "name": "Submit #631473 | elunez eladmin \u2264 2.7 CSV/XLSX Injection(CWE-1236)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631473"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/elunez/eladmin/issues/886"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/elunez/eladmin/issues/886#issue-3307309824"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-20T13:12:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "elunez eladmin exportUser csv injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9241",
    "datePublished": "2025-08-20T19:32:05.488Z",
    "dateReserved": "2025-08-20T11:07:03.857Z",
    "dateUpdated": "2025-08-20T20:21:38.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Implementation

Description:

  • When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV. Risky characters include '=' (equal), '+' (plus), '-' (minus), and '@' (at).
Mitigation

Phase: Implementation

Description:

  • If a field starts with a formula character, prepend it with a ' (single apostrophe), which prevents Excel from executing the formula.
Mitigation

Phase: Architecture and Design

Description:

  • Certain implementations of spreadsheet software might disallow formulas from executing if the file is untrusted, or if the file is not authored by the current user.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page