header-logo
Suggest Exploit
vendor:
phpMyFAQ
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: phpMyFAQ
Affected Version From: 1.5.2001
Affected Version To: 1.5.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:phpmyfaq:phpmyfaq:1.5.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

phpMyFAQ SQL Injection Vulnerability

phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. phpMyFAQ version 1.5.1 is reported prone to this vulnerability. switch to /admin directory, click on 'forgotten password' feature, user: ' or isnull(1/0) /*, mail: [your_email]

Mitigation:

Input validation should be used to detect and prevent malicious input from entering an application. All input data should be validated against a white list of accepted characters and/or types.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14927/info

phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

phpMyFAQ version 1.5.1 is reported prone to this vulnerability. 

switch to /admin directory, click on "forgotten password" feature
user: ' or isnull(1/0) /*
mail: [your_email]

Navigation

Suggest Exploit

Services By CQR