Description

phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.

Remediation

References

CVE-2010-4558

Related Vulnerabilities

IBM RTC Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-29844)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4224)

WordPress Plugin LayerSlider SQL Injection (7.10.0)

WordPress Plugin Codestyling Localization 'name' Parameter Cross-Site Scripting (1.99.19)

Joomla! Core Cross-Site Scripting (1.7.0 - 3.9.5)

Severity

High

Classification

CVE-2010-4558 CWE-94

Tags

Missing Update Known Vulnerabilities