Tendenci · Tendenci · CVE-2020-36962
**Name of the Vulnerable Software and Affected Versions**
Tendenci version 12.3.1
**Description**
The software contains a CSV formula injection issue in the message field of the contact form. Formulas that attackers submit in this field end up in the file produced when the data is exported as CSV. By submitting crafted payloads in the message field, such as `=10+20+cmd|' /C calc'!A0`, attackers can trigger arbitrary command execution when the CSV file is opened in spreadsheet applications.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
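
In the absence of a fixed version, the general mitigation for CSV formula injection is to neutralise formula-like cells at export time. The sketch below is an added example, not Tendenci's code: the function names, column names and sample rows are hypothetical, and the trigger characters are those named in OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the characters named in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def is_formula_like(value):
    """True if a spreadsheet could evaluate this cell instead of showing it."""
    if not isinstance(value, str):
        return False
    # Also look past leading whitespace: a conservative choice made here.
    return value.startswith(FORMULA_TRIGGERS) or value.lstrip().startswith(FORMULA_TRIGGERS)

def neutralise_cell(value):
    """Prefix formula-like text with a single quote so it is shown as text."""
    # Trade-off: legitimate text such as "-5" is also prefixed.
    return "'" + value if is_formula_like(value) else value

def export_rows(header, rows):
    """Write rows to CSV text with every cell neutralised and quoted."""
    buf = io.StringIO()
    # The csv module escapes embedded commas and quotes, so a value cannot start a new cell.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralise_cell(cell) for cell in row])
    return buf.getvalue()

def formula_cells(csv_text):
    """Audit helper: list (row, column, value) for cells that are still formula-like."""
    reader = csv.reader(io.StringIO(csv_text))
    return [(r, c, cell) for r, row in enumerate(reader)
            for c, cell in enumerate(row) if is_formula_like(cell)]

# Constructed contact-form submissions; the second message is the payload from the description.
SAMPLE_ROWS = [
    ["Alice", "alice@example.com", "Please call me back."],
    ["Bob", "bob@example.com", "=10+20+cmd|' /C calc'!A0"],
]

if __name__ == "__main__":
    raw = io.StringIO()
    csv.writer(raw).writerows(SAMPLE_ROWS)
    print("unsanitised export:", formula_cells(raw.getvalue()))
    print("sanitised export:  ", formula_cells(export_rows(["name", "email", "message"], SAMPLE_ROWS)))
```

`formula_cells` can also be run over existing export files to find submissions that already contain formula-like content.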