Category: EXPLOIT

exploit 0day security

phpMyFAQ 2.9.9 Code Injection

phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription]. Source: phpMyFAQ 2.9.9 Code Injection