Description

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.

Remediation

References

CVE-2006-6912

Related Vulnerabilities

Oracle Database Server CVE-2019-2547 Vulnerability (CVE-2019-2547)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15005)

WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)

Drupal Other Vulnerability (CVE-2016-3164)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4064)

Severity

High

Classification

CVE-2006-6912 CWE-138

Tags

Missing Update Known Vulnerabilities