Full title: phpMyFAQ 2.9.9 Code Injection Exploit 
Category: web applications
Platform: php
phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription].

# 0day.today @ http://0day.today/