Tendenci: >> Tendenci >> 12.3.1 Security Vulnerabilities
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-28