CVE-2024-22063

CRITICAL Year: 2024
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-1236
View all →

Vulnerability Description

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.

Related Vulnerabilities

CVE-2022-2112

CRITICAL
CVSS:9.0(Critical)

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.

CWE-12362022

CVE-2023-45597

CRITICAL
CVSS:9.0(Critical)

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a r...

CWE-12362023

CVE-2024-47572

CRITICAL
CVSS:9.0(Critical)

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file

CWE-12362024

CVE-2018-10255

HIGH
CVSS:8.8(High)

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, lead...

CWE-12362018

CVE-2018-10257

HIGH
CVSS:8.8(High)

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading ...

CWE-12362018

CVE-2018-10258

HIGH
CVSS:8.8(High)

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to pos...

CWE-12362018