CVE-2023-53929

Medium CVSS: 6.2

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.

Vendor

Phpmyfaq

Product

Phpmyfaq

CWE

CWE-1236

Yayın Tarihi

2025-12-17 23:15:52

Güncelleme

2025-12-31 18:45:39

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1236 Phpmyfaq MEDIUM Phpmyfaq 2025

Referanslar

https://www.exploit-db.com/exploits/51399 https://www.phpmyfaq.de/ https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export https://www.exploit-db.com/exploits/51399

Benzer Kayıtlar

Medium

CVE-2026-34973

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/p…

Medium

CVE-2026-34974

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSa…

Medium

CVE-2026-34729

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex By…

High

CVE-2026-34728

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl…

High

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/p…

Medium

CVE-2026-24422

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly e…