Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pm8c-3qq3-72w7. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated...

CVE-2026-46359 phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

CVE-2026-46359 phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields

phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

CVE-2025-62599 FastDDS has Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory OOM...

3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs

How OAuth tokens, JWT fields and Entra sign-in logs reveal attacker behavior, and how to turn those signals into reliable detections...

CVE-2017-14487

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, userid, and token fields in data/data/com.ohmibod.remote2/sharedprefs/OMB.xml...

DEBIAN-CVE-2010-4335

The validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted dataTokenfields value that is processed by the unserialize function, as demonstrated by...

PT-2011-1505 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 1.2.8 through 1.3.5 Description: The issue allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data Tokenfields value that is processed by the unserialize function. This can be...