Description The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. Remediation References CVE-2018-16651 Related Vulnerabilities MySQL CVE-2018-3137 Vulnerability (CVE-2018-3137) WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1) WordPress Plugin Location Weather Cross-Site Scripting (1.3.3) WordPress Plugin Authenticator Denial of Service (1.3.0) WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Multiple Vulnerabilities (1.12.25) Severity High Classification CVE-2018-16651 CWE-1236 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities