CVE-2014-6045

HIGH

phpmyfaq < 2.8.13 - Authenticated SQL Injection via Restore Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6045.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in phpMyFAQ 2.8.X, including persistent XSS via unfiltered User-Agent and Referer headers, unauthenticated FAQ data disclosure, and CSRF attacks for user credential manipulation and configuration changes.

Description

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/34580

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in phpMyFAQ 2.8.X, including persistent XSS via unfiltered User-Agent and Referer headers, unauthenticated FAQ data disclosure, and CSRF attacks for user credential manipulation and configuration changes.

Classification

Working Poc 95%

Attack Type

Xss | Info Leak | Auth Bypass | Csrf

Complexity

Trivial

Reliability

Reliable

Target: phpMyFAQ 2.8.X (>= 2.8.12)

No auth needed

Prerequisites: Access to the target phpMyFAQ instance · Ability to send crafted HTTP requests

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise T1566.002 - Spearphishing Link

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

http://techdefencelabs.com/security-advisories.html

Vendor Advisory x_refsource_confirm

https://www.phpmyfaq.de/security/advisory-2014-09-16

Scores

CVSS v3 7.2

EPSS 0.0209

EPSS Percentile 79.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

phpmyfaq/phpmyfaq < 2.8.13

Published Aug 28, 2018

Tracked Since Feb 18, 2026