CWE-1236
AllowedImproper Neutralization of Formula Elements in a CSV File
Abstraction: Base · Status: Incomplete
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
401 vulnerabilities reference this CWE, most recent first.
CVE-2023-5527 (GCVE-0-2023-5527)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:38 – Updated: 2026-04-08 17:31- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress |
Affected:
0 , ≤ 6.4.3
(semver)
|
|
| strategy11team | business_directory_plugin |
Affected:
0 , ≤ 6.4.3
(custom)
cpe:2.3:a:strategy11team:business_directory_plugin:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:strategy11team:business_directory_plugin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_directory_plugin",
"vendor": "strategy11team",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T13:52:25.518684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T13:53:51.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress",
"vendor": "strategy11team",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:31:30.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"
},
{
"url": "https://research.cleantalk.org/cve-2023-5527/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-17T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Business Directory Plugin \u003c= 6.4.3 - Authenticated (Author+) CSV Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5527",
"datePublished": "2024-06-18T05:38:13.533Z",
"dateReserved": "2023-10-11T16:01:36.538Z",
"dateUpdated": "2026-04-08T17:31:30.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5424 (GCVE-0-2023-5424)
Vulnerability from cvelistv5 – Published: 2024-06-07 09:33 – Updated: 2026-04-08 16:46- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| westguard | WS Form LITE – Drag & Drop Contact Form Builder |
Affected:
0 , ≤ 1.9.217
(semver)
|
|
| WS Form | WS Form Pro |
Affected:
0 , ≤ 1.9.217
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T12:19:36.481560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T12:19:52.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38ccaa81-77ec-46f2-9bec-d74fa2e093f3?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wsform.com/changelog/?utm_source=wp_plugins\u0026utm_medium=readme"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3098265%40ws-form\u0026new=3098265%40ws-form\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WS Form LITE \u2013 Drag \u0026 Drop Contact Form Builder",
"vendor": "westguard",
"versions": [
{
"lessThanOrEqual": "1.9.217",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WS Form Pro",
"vendor": "WS Form",
"versions": [
{
"lessThanOrEqual": "1.9.217",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Duc Manh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:46:37.402Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38ccaa81-77ec-46f2-9bec-d74fa2e093f3?source=cve"
},
{
"url": "https://wsform.com/changelog/?utm_source=wp_plugins\u0026utm_medium=readme"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3098265%40ws-form\u0026new=3098265%40ws-form\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-05T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-06T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WS Form LITE \u003c= 1.9.217 - Unauthenticated CSV Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5424",
"datePublished": "2024-06-07T09:33:35.882Z",
"dateReserved": "2023-10-05T12:15:52.704Z",
"dateUpdated": "2026-04-08T16:46:37.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4006 (GCVE-0-2023-4006)
Vulnerability from cvelistv5 – Published: 2023-07-31 00:00 – Updated: 2024-10-11 19:41- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| thorsten | thorsten/phpmyfaq |
Affected:
unspecified , < 3.1.16
(custom)
|
|
| phpmyfaq | phpmyfaq |
Affected:
0 , < 3.1.16
(custom)
cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpmyfaq",
"vendor": "phpmyfaq",
"versions": [
{
"lessThan": "3.1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4006",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:40:23.540532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T19:41:41.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "thorsten/phpmyfaq",
"vendor": "thorsten",
"versions": [
{
"lessThan": "3.1.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T00:00:20.202Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189"
},
{
"url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22"
}
],
"source": {
"advisory": "36149a42-cbd5-445e-a371-e351c899b189",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4006",
"datePublished": "2023-07-31T00:00:20.202Z",
"dateReserved": "2023-07-31T00:00:06.865Z",
"dateUpdated": "2024-10-11T19:41:41.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3527 (GCVE-0-2023-3527)
Vulnerability from cvelistv5 – Published: 2023-07-18 21:10 – Updated: 2024-10-21 14:36- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| Avaya | Avaya Call Management System |
Affected:
19.x.x.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.avaya.com/css/public/documents/101086364"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T14:35:41.566235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T14:36:19.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Avaya Call Management System",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "19.x.x.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CSV injection vulnerability was found in the\u0026nbsp;Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software \n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003esuch as Microsoft Excel\u003c/span\u003e.\n\n\u0026nbsp;\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A CSV injection vulnerability was found in the\u00a0Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software \n\nsuch as Microsoft Excel.\n\n\u00a0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T21:10:36.841Z",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"url": "https://download.avaya.com/css/public/documents/101086364"
}
],
"source": {
"defect": [
"CMS-7027"
],
"discovery": "EXTERNAL"
},
"title": "Avaya Call Management System CSV injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2023-3527",
"datePublished": "2023-07-18T21:10:36.841Z",
"dateReserved": "2023-07-06T16:01:05.440Z",
"dateUpdated": "2024-10-21T14:36:19.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3493 (GCVE-0-2023-3493)
Vulnerability from cvelistv5 – Published: 2023-06-30 21:14 – Updated: 2024-11-04 20:56- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
|
| fossbilling | fossbilling |
Affected:
0 , < 0.5.3
(custom)
cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:02.754628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:56:19.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:14:49.035Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
}
],
"source": {
"advisory": "e9a272ca-b050-441d-a8cb-4fdecb76ccce",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3493",
"datePublished": "2023-06-30T21:14:49.035Z",
"dateReserved": "2023-06-30T21:14:42.846Z",
"dateUpdated": "2024-11-04T20:56:19.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3302 (GCVE-0-2023-3302)
Vulnerability from cvelistv5 – Published: 2023-06-23 00:00 – Updated: 2024-11-07 20:05- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| admidio | admidio/admidio |
Affected:
unspecified , < 4.2.9
(custom)
|
|
| admidio | admidio |
Affected:
0 , < 4.2.9
(custom)
cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "admidio",
"vendor": "admidio",
"versions": [
{
"lessThan": "4.2.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3302",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:02:47.340349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:05:51.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admidio/admidio",
"vendor": "admidio",
"versions": [
{
"lessThan": "4.2.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/5e18619f-8379-464a-aad2-65883bb4e81a"
},
{
"url": "https://github.com/admidio/admidio/commit/c87a7074a1a73c4851263060afd76aa4d5b6415f"
}
],
"source": {
"advisory": "5e18619f-8379-464a-aad2-65883bb4e81a",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in admidio/admidio"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3302",
"datePublished": "2023-06-23T00:00:00.000Z",
"dateReserved": "2023-06-18T00:00:00.000Z",
"dateUpdated": "2024-11-07T20:05:51.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2629 (GCVE-0-2023-2629)
Vulnerability from cvelistv5 – Published: 2023-05-10 00:00 – Updated: 2025-01-27 19:40- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | pimcore/customer-data-framework |
Affected:
unspecified , < 3.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/821ff465-4754-42d1-9376-813c17f16a01"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/customer-data-framework/commit/4e0105c3a78d20686a0c010faef27d2297b98803"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2629",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T19:40:19.007516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T19:40:22.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/customer-data-framework",
"vendor": "pimcore",
"versions": [
{
"lessThan": "3.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/821ff465-4754-42d1-9376-813c17f16a01"
},
{
"url": "https://github.com/pimcore/customer-data-framework/commit/4e0105c3a78d20686a0c010faef27d2297b98803"
}
],
"source": {
"advisory": "821ff465-4754-42d1-9376-813c17f16a01",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2629",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-27T19:40:22.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2258 (GCVE-0-2023-2258)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:11- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| alfio-event | alfio-event/alf.io |
Affected:
unspecified , < 2.0-M4-2304
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:11:49.258703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:11:55.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "alfio-event/alf.io",
"vendor": "alfio-event",
"versions": [
{
"lessThan": "2.0-M4-2304",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2"
},
{
"url": "https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f"
}
],
"source": {
"advisory": "31eaf0fe-4d91-4022-aa9b-802bc6eafb8f",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2258",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-04-24T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:11:55.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0721 (GCVE-0-2023-0721)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:23- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| Vendor | Product | Version | |
|---|---|---|---|
| roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
Affected:
0 , ≤ 3.3.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/core/entries/export.php?rev=2845078"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2907471/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-23T16:00:11.706817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T16:19:09.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:23:54.553Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/core/entries/export.php?rev=2845078"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2907471/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-07T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Metform Elementor Contact Form Builder \u003c= 3.3.0 - Unauthenticated CSV Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-0721",
"datePublished": "2023-06-09T05:33:33.988Z",
"dateReserved": "2023-02-07T16:44:17.504Z",
"dateUpdated": "2026-04-08T17:23:54.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-47442 (GCVE-0-2022-47442)
Vulnerability from cvelistv5 – Published: 2023-11-07 15:09 – Updated: 2026-04-28 16:07- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/use… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| AyeCode Ltd | UsersWP |
Affected:
n/a , ≤ 1.2.3.9
(custom)
|
|
| ayecode | userswp |
Affected:
0 , ≤ 1.2.3.9
(custom)
cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:07.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/userswp/wordpress-userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-plugin-1-2-3-9-csv-injection?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ayecode:userswp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "userswp",
"vendor": "ayecode",
"versions": [
{
"lessThanOrEqual": "1.2.3.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:14:10.245962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:15:28.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "userswp",
"product": "UsersWP",
"vendor": "AyeCode Ltd",
"versions": [
{
"changes": [
{
"at": "1.2.3.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.3.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Justiice (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.\u003cp\u003eThis issue affects UsersWP: from n/a through 1.2.3.9.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:57.522Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/userswp/wordpress-userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-plugin-1-2-3-9-csv-injection?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a01.2.3.10 or a higher version."
}
],
"value": "Update to\u00a01.2.3.10 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress UsersWP Plugin \u003c= 1.2.3.9 is vulnerable to CSV Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-47442",
"datePublished": "2023-11-07T15:09:29.695Z",
"dateReserved": "2022-12-15T00:08:13.451Z",
"dateUpdated": "2026-04-28T16:07:57.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV. Risky characters include '=' (equal), '+' (plus), '-' (minus), and '@' (at).
Mitigation
If a field starts with a formula character, prepend it with a ' (single apostrophe), which prevents Excel from executing the formula.
Mitigation
Certain implementations of spreadsheet software might disallow formulas from executing if the file is untrusted, or if the file is not authored by the current user.
No CAPEC attack patterns related to this CWE.