phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2023-53929 - Vulnerability Database

phpMyFAQ

phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2023-53929

High

Reference: CVE-2023-53929

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53929

Title: phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability

Overview:

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 39calcaz39 to trigger code execution when an administrator exports user data as a CSV file.