CVE-2020-36962

Medium CVSS: 5.3

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.

Vendor

Tendenci

Product

Tendenci

CWE

CWE-1236

Yayın Tarihi

2026-01-28 18:16:46

Güncelleme

2026-02-02 19:13:52

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1236 Tendenci MEDIUM Tendenci 2026

Referanslar

https://github.com/tendenci/tendenci https://www.exploit-db.com/exploits/49145 https://www.tendenci.com/ https://www.vulncheck.com/advisories/tendenci-csv-formula-injection https://www.exploit-db.com/exploits/49145

Benzer Kayıtlar

Medium

CVE-2025-70959

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute…

Medium

CVE-2025-70960

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execu…

Medium

CVE-2026-23946

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions…