Veracode Vulnerability DatabaseVERACODE:46087SQL Injection
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.5%
phpmyfaq/phpmyfaq is vulnerable to SQL Injection. The vulnerability is caused due to improper escaping of the email address within News.php. This allows authenticated users with appropriate privileges to execute malicious SQL queries, potentially leading to data exfiltration, account takeover, and even Remote Code Execution (RCE).
References
drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing
github.com/advisories/GHSA-qgxx-4xv5-6hcw
github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011
github.com/thorsten/phpMyFAQ/commit/23bec69fe7b266fc033bf85008bad42c5d0d2905
github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.5%