VYPR

Faqengine

by Boesch It

CVEs (2)

  • CVE-2010-1360Apr 13, 2010
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7)…

  • CVE-2007-2749May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.