Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:53 a.m.10 views

CVE-2024-27299

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

8.8CVSS8.8AI score0.01151EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/03/27 12:0 a.m.8 views

The vulnerability of the “Add News” function in the phpMyFAQ web application allows a hacker to gain unauthorized access to the application.

The vulnerability of the “Add News” function in the phpMyFAQ web application is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the application...

9CVSS6.5AI score0.01151EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/03/25 7:15 p.m.31 views

CVE-2024-27299

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

8.8CVSS8.9AI score0.01151EPSS
Exploits1References3
CVE
CVE
added 2024/03/25 6:26 p.m.77 views

CVE-2024-27299

phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...

8.8CVSS8.8AI score0.01151EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/03/25 6:26 p.m.34 views

CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

8.8CVSS6.4AI score0.01151EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.6 views

PT-2024-2396 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 3.2.5 Description: A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to...

9CVSS8.2AI score0.01151EPSS
Exploits1References15
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.5 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.5, which stems from improper escaping of email addresses, resulting in a SQL injection vulnerability in the Add News feature...

8.8CVSS6.6AI score0.01151EPSS
Exploits1References4
Huntr
Huntr
added 2022/12/12 11:41 p.m.20 views

Stored XSS on User Management, Category, Add New FAQ, Add News and Configuration

Description Improper validation on user input in Add Category module, Add New FAQ module, Add News and edit Configuration in phpMyFAQ v3.1.9 allow user to execute malicious javascript payload which lead to vulnerability Stored XSS Proof of Concept - Login to demo instance...

4.9CVSS5.4AI score0.00401EPSS
Exploits0References1
OSV
OSV
added 2020/03/12 2:15 p.m.6 views

CVE-2020-10479

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request...

4.3CVSS5.8AI score0.00475EPSS
Exploits1References2
OSV
OSV
added 2020/03/12 2:15 p.m.3 views

CVE-2020-10397

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-news.php by adding a question mark ? followed by the payload...

4.8CVSS5.9AI score0.00733EPSS
Exploits3References2
Prion
Prion
added 2020/03/12 2:15 p.m.21 views

Cross site request forgery (csrf)

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request...

4.3CVSS4.6AI score0.00475EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/04/26 12:0 a.m.6 views

HongCMS Cross-Site Scripting Vulnerability

HongCMS is an open source lightweight content management system CMS. A cross-site scripting vulnerability exists in the Add News feature in HongCMS version 3.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a content field...

4.8CVSS5.9AI score0.00534EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

eazyPortal 1.0.0 - Multiple Vulnerabilities

No description provided by source. ----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/04/02 12:0 a.m.18 views

MemHT Portal 4.0.2 Multiple Vulnerabilities

Exploit for php platform in category web applications +------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : MemHT Portal 4.0.2 Multiple Vulnerabilities Arbitrary File Upload...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/04 12:0 a.m.20 views

easyPortal 1.0.0 XSS / XSRF

----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010. ----------------------------------------------------------------------------------------------- Application: easyPortal...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2010/01/02 12:0 a.m.13 views

eazyPortal 1.0.0 - Multiple Vulnerabilities

eazyPortal 1.0.0 - Multiple Vulnerabilities ----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010...

0.1AI score
Exploits0
0day.today
0day.today
added 2010/01/02 12:0 a.m.22 views

easyPortal v1.0.0 Multiple Vulnerabilities

Exploit for unknown platform in category web applications ========================================== easyPortal v1.0.0 Multiple Vulnerabilities ========================================== ----------------------------------------------------------------------------------------------- Application:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/01/02 12:0 a.m.30 views

eazyPortal 1.0.0 - Multiple Vulnerabilities

----------------------------------------------------------------------------------------------- Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010. ----------------------------------------------------------------------------------------------- Application: eazyPortal...

7.4AI score
Exploits0
Rows per page
Query Builder