phpMyFAQ CSV Injection Vulnerability in User Profile Export

Vulnerability

A CSV injection (formula injection) vulnerability has been identified in phpMyFAQ version 3.1.12. An authenticated user can store a spreadsheet formula in the display name of their own profile. When an administrator exports the user list as a CSV file, the name is written into the file unmodified, and a spreadsheet application that opens the export evaluates the formula rather than showing it as text. This can trigger actions on the administrator's workstation, such as launching an application like the calculator.

Impact

Exploitation of this vulnerability results in CSV injection: a formula placed in a profile name is evaluated when the exported CSV file is opened in a spreadsheet application on the administrator's computer. Launching the calculator is the proof of concept; the same path can be used for other unauthorized actions in the context of the administrator's spreadsheet session.

Reproduction

To reproduce this vulnerability, log in as an ordinary user and navigate to the user control panel. Change the profile name to a payload such as 'calc|a!z|' and save the changes. Then, as an administrator, export the user data as a CSV file and open the exported file in a spreadsheet application. The injected formula is evaluated on the administrator's computer, demonstrating the CSV injection.
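The following is an added example illustrating the defect described above and the usual fix; it is not phpMyFAQ code and does not reproduce the project's export routine. The user rows, names and e-mail addresses are constructed for the example, and the formula-style names use the widely documented DDE proof-of-concept form rather than the exact payload from the report. The unsafe exporter writes profile names verbatim (quoting alone does not stop a spreadsheet from evaluating a leading formula), the safe exporter applies the OWASP-recommended neutralization (prefix cells starting with =, +, -, @, tab or carriage return with a single quote and quote every field), and a small checker reports which rows of a finished export would still be read as formulas.

```python
import csv
import io

# Characters that make a spreadsheet treat a cell as a formula
# (OWASP CSV injection guidance): =, +, -, @, leading tab, carriage return.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample rows (not real users). Names 2 to 4 mimic what an
# attacker could store in a profile; name 5 checks that ordinary quoting
# of commas and double quotes still works after neutralization.
SAMPLE_USERS = [
    {"id": 1, "name": "Alice", "email": "alice@example.com"},
    {"id": 2, "name": "=cmd|' /C calc'!A0", "email": "mallory@example.com"},
    {"id": 3, "name": "-2+3+cmd|' /C calc'!A0", "email": "eve@example.com"},
    {"id": 4, "name": '@SUM(1+9)*cmd|" /C calc"!A0', "email": "trent@example.com"},
    {"id": 5, "name": 'Smith, "Bob"', "email": "bob@example.com"},
]


def export_users_unsafe(users):
    """Vulnerable pattern: user-controlled fields are written as-is.
    csv.writer quotes fields containing commas or double quotes, which
    keeps the file well-formed but does nothing about formulas."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["id", "name", "email"])
    for u in users:
        writer.writerow([u["id"], u["name"], u["email"]])
    return buf.getvalue()


def neutralize_cell(value):
    """Prefix a single quote so the spreadsheet stores the cell as text.
    Only string cells that start with a trigger character are changed;
    numbers and ordinary names pass through untouched."""
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_users_safe(users):
    """Hardened export: every user-controlled cell is neutralized and all
    fields are quoted, so a loose parser cannot drop the leading quote."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["id", "name", "email"])
    for u in users:
        writer.writerow([u["id"], neutralize_cell(u["name"]), neutralize_cell(u["email"])])
    return buf.getvalue()


def rows_with_formula_cells(csv_text):
    """Regression check for an export endpoint: parse a finished CSV and
    return the 1-based line numbers (header is line 1) of rows containing
    a cell that a spreadsheet would still evaluate as a formula."""
    flagged = []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if any(cell.startswith(FORMULA_TRIGGERS) for cell in row):
            flagged.append(lineno)
    return flagged


if __name__ == "__main__":
    unsafe = export_users_unsafe(SAMPLE_USERS)
    safe = export_users_safe(SAMPLE_USERS)
    print("unsafe export:\n" + unsafe)
    print("rows still carrying formulas:", rows_with_formula_cells(unsafe))
    print("safe export:\n" + safe)
    print("rows still carrying formulas:", rows_with_formula_cells(safe))
```

The single-quote prefix is OWASP's recommended mitigation and may be displayed literally by some spreadsheet importers; a deployment that finds that unacceptable can instead reject or strip the trigger characters at input time, as long as the export side still runs a check like rows_with_formula_cells before the file is served.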

Added: Dec 17, 2025, 11:30 PM
Updated: Dec 17, 2025, 11:30 PM

Vulnerability Rating

Custom Algorithm
Metric          Score
spread          3.1
impact          2.5
exploitability  6.3
remediation     0.0
relevance       1.5
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.