Security Advisory

CVE-2020-36962

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 17:35:08

Last updated 2026-03-05 01:27:11

Assigner VulnCheck

State PUBLISHED

Description

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like =10+20+cmd| /C calc!A0 in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.

← Browse all CVEs View on cve.org ↗