What is CSV injection?

Question

CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or LibreOffice Calc is used to open a CSV, any cells starting with = will be interpreted by the software as a formula.

Is CSV file a virus?

Without validation, the exported CSV file could contain maliciously crafted formulas. If a malicious formula is executed by CSV applications, such as Microsoft Excel, Apple Numbers, or Google Sheets, among others, it could compromise your data, your system, or both.

What is CSV injection impact?

“CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files” (OWASP). If an exported data field (or a cell in an opened CSV file) begins with certain characters that field is treated as a formula and may be executed automatically.

What is CSV full form?

A CSV (comma-separated values) file is a text file that has a specific format which allows data to be saved in a table structured format.

Why is CSV preferred?

CSV files can be opened by any spreadsheet program: Microsoft Excel, Open Office, Google Sheets, etc. You can open a CSV file in a simple text editor as well. It is a very widespread and popular file format for storing and reading data because it is simple and it's compatible with most platforms.

Expert · Answer