Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-16651)

Description

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

Remediation

References

Related Vulnerabilities

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-37823)

GeoServer Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-51444)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (2.3.6)

WordPress Plugin Daily Prayer Time Cross-Site Scripting (2021.08.07)

MySQL CVE-2019-2566 Vulnerability (CVE-2019-2566)

Severity

High

Classification

CVE-2018-16651 CWE-1236 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities