Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-62519 - Vulnerability Database
phpMyFAQ

phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-62519

High
Reference: CVE-2025-62519
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62519
Title: phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14 an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 39Configuration Edit39 permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database including reading modifying or deleting all data as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.