Description
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
Affected products
- phpMyFAQ / phpMyFAQ1.4 – 1.4
- phpMyFAQ / phpMyFAQ1.4_alpha1 – 1.4_alpha1
- phpMyFAQ / phpMyFAQ1.4_alpha2 – 1.4_alpha2
- phpMyFAQ / phpMyFAQ1.4a – 1.4a
- phpMyFAQ / phpMyFAQ1.5 – 1.5