CNNVD-202512-3220 Information

CNNVD ID

CNNVD-202512-3220

Related CVE

CVE-2023-53929

• CNNVD Published: 2025-12-17

Description (Chinese)

phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 3.1.12版本存在安全漏洞，该漏洞源于经过身份验证的用户可在其个人资料名称中注入恶意公式，可能导致CSV注入攻击。

Description (English)

phpMyFAQ is a multilingual, database-driven, common-question answer system for Thorsten Rinne personal developers. phpMyFAQ 3.1.12 contains a security loophole, which stems from the fact that an identified user can inject a malicious formula into his personal data name, which could lead to an attack by the CSV.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export https://www.phpmyfaq.de/ https://www.exploit-db.com/exploits/51399 https://access.redhat.com/security/cve/cve-2023-53929

Patch

https://www.phpmyfaq.de/download/