2 matches found
CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
CVE-2024-27299
phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...