AttackFeed by Joe Wagner | CSV Injection in nopcommerce v4.10 and 4.80.3  - Full Disclosure

CSV Injection in nopcommerce v4.10 and 4.80.3  – Full Disclosure

Posted on By Joe-W
Alert Feeds

 

Posted by Ron E on Aug 18

nopCommerce versions v4.10 and v4.80.3 are vulnerable to *C*SV Injection
(Formula Injection) when exporting data to CSV. The application does not
properly sanitize user-supplied input before including it in CSV export
files.

An attacker can inject malicious spreadsheet formulas into fields that will
later be exported (for example, order details, product names, or customer
information). When the exported file is opened in spreadsheet software…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
Multiple vulnerabilities in the web management interface of Intelbras routers  – Full Disclosure
July 20, 2025
Alert Feeds
Asterisk Security Release 22.5.2  – Full Disclosure
September 8, 2025
Alert Feeds
APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26  – Full Disclosure
September 16, 2025
Alert Feeds
DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding  – Full Disclosure
September 8, 2025
AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.