The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.Referenceshttps://www.phpmyfaq.de/security/advisory-2018-09-02
