Description

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

Remediation

References

CVE-2018-16651

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.31)

WordPress Plugin Real WYSIWYG 'insert_file.php' Arbitrary File Upload (0.0.2)

WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)

Atlassian Confluence Incorrect Default Permissions Vulnerability (CVE-2017-9505)

Severity

High

Classification

CVE-2018-16651 CWE-1236 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities