CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-36962

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile44.21th
Published2026年1月28日
Last Modified2026年2月2日

Vulnerability Description

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.

Affected Platforms (CPE)

📦
Tendenci

Tendenci

= 12.3.1

References & Advisories

🔗 https://github.com/tendenci/tendenci
🔗 https://www.exploit-db.com/exploits/49145
🔗 https://www.tendenci.com/
🔗 https://www.vulncheck.com/advisories/tendenci-csv-formula-injection
🔗 https://www.exploit-db.com/exploits/49145

関連する脆弱性情報

CVE-2020-149429.8

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CVE-2009-32385.5

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, whi...

CVE-2008-07934.3

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web s...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...