Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2025-67851)

Description

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

Remediation

References

Related Vulnerabilities

Magento Improper Privilege Management Vulnerability (CVE-2020-9630)

Jetty Integer Overflow or Wraparound Vulnerability (CVE-2017-7657)

WordPress Plugin WP e-Commerce-Store Toolkit Privilege Escalation (2.0)

MySQL CVE-2016-0654 Vulnerability (CVE-2016-0654)

Django Improper Input Validation Vulnerability (CVE-2011-4136)

Severity

High

Classification

CVE-2025-67851 CWE-1236 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities