Vulnerabilities > CVE-2018-16651 - Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyfaq

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
phpmyfaq
CWE-1236
NVD
Published: 2018-09-07
Updated: 2020-08-24

Summary

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

Vulnerable Configurations

Part Description Count
Application
Phpmyfaq
206

Common Weakness Enumeration (CWE)

References