CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-27299 – phpMyFAQ SQL Injection at "Save News"
https://notcve.org/view.php?id=CVE-2024-27299
25 Mar 2024 — phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filt... • https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0944 – Joomla! Component com_jcollection - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0944
08 Mar 2010 — Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente para Joomla! JCollection (com_jcollection), permite a atacantes remotos leer ficheros locales de su elección al utilizar caracteres .. • https://www.exploit-db.com/exploits/11088 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2167
https://notcve.org/view.php?id=CVE-2002-2167
31 Dec 2002 — Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call. • http://online.securityfocus.com/archive/1/282404 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2168
https://notcve.org/view.php?id=CVE-2002-2168
31 Dec 2002 — SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php. • http://online.securityfocus.com/archive/1/282404 •