Arbitrary SQL Command Execution in phpMyFAQ before 2.8.13 via Restore Function

Arbitrary SQL Command Execution in phpMyFAQ before 2.8.13 via Restore Function

CVE-2014-6045 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

Learn more about our User Device Pen Test.