18 matches found
CVE-2024-27299
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
The vulnerability of the “Add News” function in the phpMyFAQ web application allows a hacker to gain unauthorized access to the application.
The vulnerability of the “Add News” function in the phpMyFAQ web application is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the application...
CVE-2024-27299
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
CVE-2024-27299
phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...
CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
PT-2024-2396 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 3.2.5 Description: A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to...
phpMyFAQ 安全漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.5, which stems from improper escaping of email addresses, resulting in a SQL injection vulnerability in the Add News feature...
Stored XSS on User Management, Category, Add New FAQ, Add News and Configuration
Description Improper validation on user input in Add Category module, Add New FAQ module, Add News and edit Configuration in phpMyFAQ v3.1.9 allow user to execute malicious javascript payload which lead to vulnerability Stored XSS Proof of Concept - Login to demo instance...
CVE-2020-10479
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request...
CVE-2020-10397
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-news.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request...
HongCMS Cross-Site Scripting Vulnerability
HongCMS is an open source lightweight content management system CMS. A cross-site scripting vulnerability exists in the Add News feature in HongCMS version 3.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a content field...
eazyPortal 1.0.0 - Multiple Vulnerabilities
No description provided by source. ----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010...
MemHT Portal 4.0.2 Multiple Vulnerabilities
Exploit for php platform in category web applications +------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : MemHT Portal 4.0.2 Multiple Vulnerabilities Arbitrary File Upload...
easyPortal 1.0.0 XSS / XSRF
----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010. ----------------------------------------------------------------------------------------------- Application: easyPortal...
eazyPortal 1.0.0 - Multiple Vulnerabilities
eazyPortal 1.0.0 - Multiple Vulnerabilities ----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010...
easyPortal v1.0.0 Multiple Vulnerabilities
Exploit for unknown platform in category web applications ========================================== easyPortal v1.0.0 Multiple Vulnerabilities ========================================== ----------------------------------------------------------------------------------------------- Application:...
eazyPortal 1.0.0 - Multiple Vulnerabilities
----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010. ----------------------------------------------------------------------------------------------- Application: eazyPortal...