The Absurdly Underestimated Dangers of CSV InjectionI’ve been doing the local usergroup circuit with this lately and have been asked to write it up. In some ways this is old news, but in other ways…well, I think few realize how absolutely devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and allows administrators to bulk export to CSV. That is just about
