CVE-2023-3527

MEDIUM Year: 2023
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.

Related Vulnerabilities

CVE-2019-20180

MEDIUM
CVSS:6.8(Medium)

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that...

CWE-12362019

CVE-2019-4071

MEDIUM
CVSS:6.8(Medium)

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper valida...

CWE-12362019

CVE-2020-4689

MEDIUM
CVSS:6.8(Medium)

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceI...

CWE-12362020

CVE-2021-36334

MEDIUM
CVSS:6.8(Medium)

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code ex...

CWE-12362021

CVE-2021-37131

MEDIUM
CVSS:6.8(Medium)

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV ...

CWE-12362021