Vulnerabilities > CVE-2018-16651 - Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyfaq

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

phpmyfaq

CWE-1236

critical

NVD

Published: 2018-09-07

Updated: 2020-08-24

Summary

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

Vulnerable Configurations

Part	Description	Count
Application	Phpmyfaq Phpmyfaq Phpmyfaq 0.1 Phpmyfaq Phpmyfaq 0.60 Phpmyfaq Phpmyfaq 0.65 Phpmyfaq Phpmyfaq 0.70 Phpmyfaq Phpmyfaq 0.80 Phpmyfaq Phpmyfaq 0.85 Phpmyfaq Phpmyfaq 0.86 Phpmyfaq Phpmyfaq 0.87 Phpmyfaq Phpmyfaq 0.90 Phpmyfaq Phpmyfaq 0.95 Phpmyfaq Phpmyfaq 0.666 Phpmyfaq Phpmyfaq 1.0 Phpmyfaq Phpmyfaq 1.0.0 Phpmyfaq Phpmyfaq 1.0.1 Phpmyfaq Phpmyfaq 1.0.1A Phpmyfaq Phpmyfaq 1.1.0 Phpmyfaq Phpmyfaq 1.1.1 Phpmyfaq Phpmyfaq 1.1.2 Phpmyfaq Phpmyfaq 1.1.3 Phpmyfaq Phpmyfaq 1.1.4 Phpmyfaq Phpmyfaq 1.1.4A Phpmyfaq Phpmyfaq 1.1.5 Phpmyfaq Phpmyfaq 1.2.0 Phpmyfaq Phpmyfaq 1.2.1 Phpmyfaq Phpmyfaq 1.2.2 Phpmyfaq Phpmyfaq 1.2.3 Phpmyfaq Phpmyfaq 1.2.4 Phpmyfaq Phpmyfaq 1.2.5 Phpmyfaq Phpmyfaq 1.2.5A Phpmyfaq Phpmyfaq 1.2.5B Phpmyfaq Phpmyfaq 1.3.0 Phpmyfaq Phpmyfaq 1.3.1 Phpmyfaq Phpmyfaq 1.3.2 Phpmyfaq Phpmyfaq 1.3.3 Phpmyfaq Phpmyfaq 1.3.4 Phpmyfaq Phpmyfaq 1.3.5 Phpmyfaq Phpmyfaq 1.3.6 Phpmyfaq Phpmyfaq 1.3.7 Phpmyfaq Phpmyfaq 1.3.8 Phpmyfaq Phpmyfaq 1.3.9 Phpmyfaq Phpmyfaq 1.3.10 Phpmyfaq Phpmyfaq 1.3.11 Phpmyfaq Phpmyfaq 1.3.12 Phpmyfaq Phpmyfaq 1.3.13 Phpmyfaq Phpmyfaq 1.3.14 Phpmyfaq Phpmyfaq 1.4 Phpmyfaq Phpmyfaq 1.4.0 Phpmyfaq Phpmyfaq 1.4.0A Phpmyfaq Phpmyfaq 1.4.1 Phpmyfaq Phpmyfaq 1.4.2 Phpmyfaq Phpmyfaq 1.4.3 Phpmyfaq Phpmyfaq 1.4.4 Phpmyfaq Phpmyfaq 1.4.5 Phpmyfaq Phpmyfaq 1.4.6 Phpmyfaq Phpmyfaq 1.4.7 Phpmyfaq Phpmyfaq 1.4.8 Phpmyfaq Phpmyfaq 1.4.9 Phpmyfaq Phpmyfaq 1.4.10 Phpmyfaq Phpmyfaq 1.4.11 Phpmyfaq Phpmyfaq 1.5 Phpmyfaq Phpmyfaq 1.5.0 Phpmyfaq Phpmyfaq 1.5.1 Phpmyfaq Phpmyfaq 1.5.2 Phpmyfaq Phpmyfaq 1.5.3 Phpmyfaq Phpmyfaq 1.5.4 Phpmyfaq Phpmyfaq 1.5.5 Phpmyfaq Phpmyfaq 1.5.6 Phpmyfaq Phpmyfaq 1.5.7 Phpmyfaq Phpmyfaq 1.5.8 Phpmyfaq Phpmyfaq 1.5.9 Phpmyfaq Phpmyfaq 1.6.0 Phpmyfaq Phpmyfaq 1.6.1 Phpmyfaq Phpmyfaq 1.6.2 Phpmyfaq Phpmyfaq 1.6.3 Phpmyfaq Phpmyfaq 1.6.4 Phpmyfaq Phpmyfaq 1.6.5 Phpmyfaq Phpmyfaq 1.6.6 Phpmyfaq Phpmyfaq 1.6.7 Phpmyfaq Phpmyfaq 1.6.8 Phpmyfaq Phpmyfaq 1.6.9 Phpmyfaq Phpmyfaq 1.6.10 Phpmyfaq Phpmyfaq 1.6.11 Phpmyfaq Phpmyfaq 1.6.12 Phpmyfaq Phpmyfaq 2.0.0 Phpmyfaq Phpmyfaq 2.0.1 Phpmyfaq Phpmyfaq 2.0.2 Phpmyfaq Phpmyfaq 2.0.3 Phpmyfaq Phpmyfaq 2.0.4 Phpmyfaq Phpmyfaq 2.0.5 Phpmyfaq Phpmyfaq 2.0.6 Phpmyfaq Phpmyfaq 2.0.7 Phpmyfaq Phpmyfaq 2.0.8 Phpmyfaq Phpmyfaq 2.0.9 Phpmyfaq Phpmyfaq 2.0.10 Phpmyfaq Phpmyfaq 2.0.11 Phpmyfaq Phpmyfaq 2.0.12 Phpmyfaq Phpmyfaq 2.0.13 Phpmyfaq Phpmyfaq 2.0.14 Phpmyfaq Phpmyfaq 2.0.15 Phpmyfaq Phpmyfaq 2.0.16 Phpmyfaq Phpmyfaq 2.0.17 Phpmyfaq Phpmyfaq 2.5.0 Phpmyfaq Phpmyfaq 2.5.1 Phpmyfaq Phpmyfaq 2.5.2 Phpmyfaq Phpmyfaq 2.5.3 Phpmyfaq Phpmyfaq 2.5.4 Phpmyfaq Phpmyfaq 2.5.5 Phpmyfaq Phpmyfaq 2.5.6 Phpmyfaq Phpmyfaq 2.5.7 Phpmyfaq Phpmyfaq 2.6.0 Phpmyfaq Phpmyfaq 2.6.1 Phpmyfaq Phpmyfaq 2.6.2 Phpmyfaq Phpmyfaq 2.6.3 Phpmyfaq Phpmyfaq 2.6.4 Phpmyfaq Phpmyfaq 2.6.5 Phpmyfaq Phpmyfaq 2.6.6 Phpmyfaq Phpmyfaq 2.6.7 Phpmyfaq Phpmyfaq 2.6.8 Phpmyfaq Phpmyfaq 2.6.9 Phpmyfaq Phpmyfaq 2.6.10 Phpmyfaq Phpmyfaq 2.6.11 Phpmyfaq Phpmyfaq 2.6.12 Phpmyfaq Phpmyfaq 2.6.13 Phpmyfaq Phpmyfaq 2.6.14 Phpmyfaq Phpmyfaq 2.6.15 Phpmyfaq Phpmyfaq 2.6.16 Phpmyfaq Phpmyfaq 2.6.17 Phpmyfaq Phpmyfaq 2.6.18 Phpmyfaq Phpmyfaq 2.6.19 Phpmyfaq Phpmyfaq 2.7.0 Phpmyfaq Phpmyfaq 2.7.1 Phpmyfaq Phpmyfaq 2.7.2 Phpmyfaq Phpmyfaq 2.7.3 Phpmyfaq Phpmyfaq 2.7.4 Phpmyfaq Phpmyfaq 2.7.5 Phpmyfaq Phpmyfaq 2.7.6 Phpmyfaq Phpmyfaq 2.7.7 Phpmyfaq Phpmyfaq 2.7.8 Phpmyfaq Phpmyfaq 2.7.9 Phpmyfaq Phpmyfaq 2.8.0 Phpmyfaq Phpmyfaq 2.8.1 Phpmyfaq Phpmyfaq 2.8.2 Phpmyfaq Phpmyfaq 2.8.3 Phpmyfaq Phpmyfaq 2.8.4 Phpmyfaq Phpmyfaq 2.8.5 Phpmyfaq Phpmyfaq 2.8.6 Phpmyfaq Phpmyfaq 2.8.7 Phpmyfaq Phpmyfaq 2.8.8 Phpmyfaq Phpmyfaq 2.8.9 Phpmyfaq Phpmyfaq 2.8.10 Phpmyfaq Phpmyfaq 2.8.11 Phpmyfaq Phpmyfaq 2.8.12 Phpmyfaq Phpmyfaq 2.8.13 Phpmyfaq Phpmyfaq 2.8.14 Phpmyfaq Phpmyfaq 2.8.15 Phpmyfaq Phpmyfaq 2.8.16 Phpmyfaq Phpmyfaq 2.8.17 Phpmyfaq Phpmyfaq 2.8.18 Phpmyfaq Phpmyfaq 2.8.19 Phpmyfaq Phpmyfaq 2.8.20 Phpmyfaq Phpmyfaq 2.8.21 Phpmyfaq Phpmyfaq 2.8.22 Phpmyfaq Phpmyfaq 2.8.23 Phpmyfaq Phpmyfaq 2.8.24 Phpmyfaq Phpmyfaq 2.8.25 Phpmyfaq Phpmyfaq 2.8.26 Phpmyfaq Phpmyfaq 2.8.27 Phpmyfaq Phpmyfaq 2.8.28 Phpmyfaq Phpmyfaq 2.8.29 Phpmyfaq Phpmyfaq 2.9.0 Phpmyfaq Phpmyfaq 2.9.1 Phpmyfaq Phpmyfaq 2.9.2 Phpmyfaq Phpmyfaq 2.9.3 Phpmyfaq Phpmyfaq 2.9.4 Phpmyfaq Phpmyfaq 2.9.5 Phpmyfaq Phpmyfaq 2.9.6 Phpmyfaq Phpmyfaq 2.9.7 Phpmyfaq Phpmyfaq 2.9.8 Phpmyfaq Phpmyfaq 2.9.9 Phpmyfaq Phpmyfaq 2.9.10	205

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.phpmyfaq.de/security/advisory-2018-09-02