From the screenshot of the page from Exploit Database about the Knockpy 4.1.1 - CSV Injection vulnerability, here are the key details extracted: Vulnerability Type: CSV Injection Edb-ID: 49342 Platform: Python Date: 2021-01-04 Author: Dolev Farhi Exploit Type: Local Vulnerable Application: Knockpy version 4.1.1 CVE: N/A (indicating there may not be a Common Vulnerabilities and Exposures identifier associated with this exploit) The vulnerability involves Knockpy, a tool for subdomain brute force enumeration, mishandling of CSV data, which can lead to injection attacks. Specifically, the server's HTTP response header is unfiltered and reflected in the CSV file when the flag is used to store data. The example code snippet provided demonstrates a malicious Nginx configuration returning a CSV formula in headers, facilitating the injection attack: And the tester runs Knockpy with the flag to scan a target, leading to the injection: This results in the creation of a CSV file with the injection payload: