phpMyFAQ Username SQL Injection Vulnerability
BID:12741
Info
| Bugtraq ID: | 12741 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2005 12:00AM |
| Updated: | Mar 07 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Sven Michels of sectoor GmbH. |
| Vulnerable: | phpMyFAQ phpMyFAQ 1.5; phpMyFAQ phpMyFAQ 1.4 a; phpMyFAQ phpMyFAQ 1.4 -alpha 2; phpMyFAQ phpMyFAQ 1.4 -alpha 1; phpMyFAQ phpMyFAQ 1.4 |
| Not Vulnerable: | |
Discussion
phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input to the 'username' field of forum entries before using it in a SQL query.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
phpMyFAQ versions 1.4 and 1.5 are reported prone to this vulnerability.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released an update to address this vulnerability.
phpMyFAQ phpMyFAQ 1.4 a
- phpMyFAQ phpMyFAQ 1.4.7
  http://www.phpmyfaq.de/download.php?do=download&number=1.4.7&version=full

phpMyFAQ phpMyFAQ 1.4 -alpha 2
- phpMyFAQ phpMyFAQ 1.4.7
  http://www.phpmyfaq.de/download.php?do=download&number=1.4.7&version=full

phpMyFAQ phpMyFAQ 1.4
- phpMyFAQ phpMyFAQ 1.4.7
  http://www.phpmyfaq.de/download.php?do=download&number=1.4.7&version=full

phpMyFAQ phpMyFAQ 1.4 -alpha 1
- phpMyFAQ phpMyFAQ 1.4.7
  http://www.phpmyfaq.de/download.php?do=download&number=1.4.7&version=full

phpMyFAQ phpMyFAQ 1.5
- phpMyFAQ phpMyFAQ 1.5.0 RC2
  http://www.phpmyfaq.de/download.php?do=download&number=1.5.0&version=rc2
References
References:
- phpMyFAQ Homepage (phpMyFAQ)
- SQL injection vulnerability in phpMyFAQ version 1.4 and 1.5 (phpMyFAQ)