CVE-2014-6045

HIGH

Phpmyfaq < 2.8.13 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/34580

View Code ZIP pw:eip

References (2)

[Third Party Advisory] http://techdefencelabs.com/security-advisories.html

[Vendor Advisory] https://www.phpmyfaq.de/security/advisory-2014-09-16

Scores

CVSS v3 7.2

EPSS 0.0037

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

phpmyfaq/phpmyfaq < 2.8.13

Published Aug 28, 2018

Tracked Since Feb 18, 2026