CWE-1236: Improper Neutralization of Formula Elements in a CSV File — known CVE vulnerabilities
CVEs classified under CWE-1236 (Improper Neutralization of Formula Elements in a CSV File), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-31049 — CVSS 9.8 (critical): An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV…
CVE-2020-36962 — CVSS 9.8 (critical): Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious…
CVE-2021-47901 — CVSS 9.8 (critical): Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through…
CVE-2020-36941 — CVSS 9.8 (critical): Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered…
CVE-2025-56267 — CVSS 9.8 (critical): A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via…
CVE-2023-47295 — CVSS 9.8 (critical): A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload…
CVE-2024-55532 — CVSS 9.8 (critical): Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended…
CVE-2024-47485 — CVSS 9.8 (critical): There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to…
CVE-2024-29375 — CVSS 9.8 (critical): CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to…
CVE-2023-4006 — CVSS 9.8 (critical): Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
CVE-2022-3574 — CVSS 9.8 (critical): The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV…
CVE-2022-3463 — CVSS 9.8 (critical): The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a…
CVE-2022-22425 — CVSS 9.8 (critical): "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on…
CVE-2022-3393 — CVSS 9.8 (critical): The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV…
CVE-2022-0142 — CVSS 9.8 (critical): The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to…
CVE-2022-26249 — CVSS 9.8 (critical): Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access…
CVE-2021-38180 — CVSS 9.8 (critical): SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper…
CVE-2020-11548 — CVSS 9.8 (critical): The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could…
CVE-2020-7947 — CVSS 9.8 (critical): An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is…
CVE-2020-9347 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by…
CVE-2019-0403 — CVSS 9.8 (critical): SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading…
CVE-2019-4521 — CVSS 9.8 (critical): Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary…
CVE-2019-16184 — CVSS 9.8 (critical): A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey…
CVE-2019-12765 — CVSS 9.8 (critical): An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVE-2018-20752 — CVSS 9.8 (critical): An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More…
CVE-2018-11652 — CVSS 9.8 (critical): CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an…
CVE-2023-47534 — CVSS 9.6 (critical): A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10…
CVE-2019-19676 — CVSS 9.6 (critical): A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the…
CVE-2018-15474 — CVSS 9.6 (critical): CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier…
CVE-2018-9035 — CVSS 9.6 (critical): CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote…
CVE-2026-23873 — CVSS 9.0 (critical): hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV…
CVE-2024-47572 — CVSS 9.0 (critical): An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute…
CVE-2020-4627 — CVSS 9.0 (critical): IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the…
CVE-2018-1774 — CVSS 8.9 (high): IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could…
CVE-2026-5242 — CVSS 8.8 (high): Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This…
CVE-2023-54348 — CVSS 8.8 (high): ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name…
CVE-2023-53929 — CVSS 8.8 (high): phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile…
CVE-2023-53913 — CVSS 8.8 (high): Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname…
CVE-2025-55745 — CVSS 8.8 (high): UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are…
CVE-2025-50572 — CVSS 8.8 (high): Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be…