Improper Neutralization of Formula Elements in a CSV File in Mautic - CVE-2018-8092
Published: January 19, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote user to inject formula content into exported contact list CSV files.
The vulnerability exists due to improper neutralization of formula elements in exported CSV content in the contact list export feature when exporting contact lists. A remote user can supply crafted contact data to inject formula content into exported contact list CSV files.
User interaction is required to open the exported CSV file in a spreadsheet application.