#php

CVE-2018-25076

A vulnerability classified as critical was found in Events Extension. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The name of the patch is 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395.

3 years ago

CVE

Open in Source

#sql #vulnerability #php

CVE-2016-15020: Fixed orderBy injection vulnerability · liftkit/database@42ec8f2

A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.

3 years ago

CVE

Open in Source

#sql #vulnerability #php

GHSA-4p88-cfhq-f3vg: phpMyFAQ has Weak Password Requirements

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

3 years ago

ghsa

Open in Source

#git #php

GHSA-w475-749h-c77m: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.