We found results for “”
WS-2022-0424
Good to know:
Date: November 3, 2022
thorsten/phpmyfaq before 3.1.9 is vulnerable to SQL Injection inside instance name that leads to Remote Code Execution. An attacker has a severe impact by being allowed to recover all or part of your database (including sensitive data like usernames and passwords hash), Modify or insert data in the database, saturate database workers with resource-intensive math functions, read or write files on the disk and execute OS commands.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
SQL Injection
CWE-89Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |