PHPMyFAQ 1.5.1 - 'Password.php' SQL Injection

EDB-ID:

26294

CVE:

N/A




Platform:

PHP

Date:

2005-08-23


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/14927/info

phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

phpMyFAQ version 1.5.1 is reported prone to this vulnerability. 

switch to /admin directory, click on "forgotten password" feature
user: ' or isnull(1/0) /*
mail: [your_email]