WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-4558)

Description

phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.

Remediation

References

Related Vulnerabilities

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7912)

Python CVE-2023-6507 Vulnerability (CVE-2023-6507)

WordPress Plugin Duo Two-Factor Authentication Security Bypass (1.8.1)

WordPress Plugin WordPress File Upload Multiple Unspecified Vulnerabilities (3.10.0)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31554)

Severity

High

Classification

CVE-2010-4558 CWE-94

Tags

Missing Update Known Vulnerabilities