Filtered by vendor Phpmyfaq
Filtered by product Phpmyfaq
Total 127 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54141 1 Phpmyfaq 1 Phpmyfaq 2025-08-15 8.6 High
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the connection to the database fails. This vulnerability is fixed in 4.0.0.
CVE-2024-55889 2 Phpmyfaq, Thorsten 2 Phpmyfaq, Phpmyfaq 2025-08-14 4.9 Medium
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.
CVE-2024-56199 2 Phpmyfaq, Thorsten 2 Phpmyfaq, Phpmyfaq 2025-08-14 5.2 Medium
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability.
CVE-2024-24574 1 Phpmyfaq 1 Phpmyfaq 2025-06-17 6.5 Medium
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.
CVE-2024-22208 1 Phpmyfaq 1 Phpmyfaq 2025-05-15 6.5 Medium
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item with others. The front-end of this functionality allows any phpMyFAQ article to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place; however, the number of recipients in a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputational damage. This issue has been patched in version 3.2.5.
CVE-2022-3608 1 Phpmyfaq 1 Phpmyfaq 2025-05-08 8.4 High
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
CVE-2022-3754 1 Phpmyfaq 1 Phpmyfaq 2025-05-08 9.8 Critical
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3766 1 Phpmyfaq 1 Phpmyfaq 2025-05-05 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3765 1 Phpmyfaq 1 Phpmyfaq 2025-05-02 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2017-15809 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
CVE-2017-15732 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVE-2017-7579 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
CVE-2017-15731 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2017-15730 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15729 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVE-2017-15733 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
CVE-2017-15728 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
CVE-2017-14618 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
CVE-2017-15727 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVE-2017-15735 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.