1811 matches found
phpMyFAQ < 3.2.0 - Cross-site Scripting
Cross-site Scripting XSS Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. id: CVE-2023-5863 info: name: phpMyFAQ ' - 'phpMyFAQ' condition: and - type: word part: header words: - "text...
Phpmyfaq v3.1.11 - Cross-Site Scripting
Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized. id: CVE-2023-1880 info: name: Phpmyfaq v3.1.11 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend...
phpMyFAQ < 3.1.8 - Cross-Site Scripting
phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search functionality. The application fails to properly sanitize user input in the search parameter, allowing attackers to inject and execute malicious JavaScript code in the context of other users'...
phpMyFAQ - Configuration Backup Disclosure
phpMyFAQ = 4.0.16 contains an information disclosure vulnerability caused by unauthenticated access to configuration backup ZIP generation and download, letting remote attackers access sensitive configuration files, exploit requires no authentication. id: CVE-2025-69200 info: name: phpMyFAQ -...
phpMyFAQ <= 4.1.1 - SQL Injection
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
CVE-2026-57994
phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...
CVE-2026-57994
phpMyFAQ is affected: versions before 4.1.5 expose inactive content through public API endpoints due to inconsistent active flag and publication-date filtering. Specifically, GET /api/v3.1/faq/{categoryId}/{faqId} returns inactive title and full answer, while GET /api/v3.1/faqs/tags/{tagId} and G...
CVE-2026-57961
phpMyFAQ قبل 4.1.5 contains an authenticated path traversal in Export/Pdf/Wrapper.php (concatenatePaths). An FAQ editor can inject HTML that includes crafted image paths; the code uses strpos() to locate the substring “content” in a user-controlled path, and if “content” is absent the result beco...
EUVD-2026-42892
phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...
EUVD-2026-42891
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...
CVE-2026-57961 phpMyFAQ - Authenticated Path Traversal in PDF Export via concatenatePaths Function
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...
CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints
phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...
EUVD-2026-40454
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...
CVE-2026-57995 phpMyFAQ - Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...
CVE-2026-57995
phpMyFAQ
CVE-2026-57995
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...
PT-2026-54050
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.5 Description An issue exists in the updatePermissions function within the GroupController that allows administrators with GROUP EDIT privileges to grant arbitrary rights to groups without verifying if they posse...
GHSA-985R-Q3QP-299H phpMyFAQ has an incomplete fix for GHSA-xvp4-phqj-cjr3 — editUser() and updateUserRights() lack authorization guards
Advisory / Disclosure phpMyFAQ 4.1.3 — incomplete fix for the admin-API IDOR/privilege-escalation class Target: thorsten/phpMyFAQ composer: thorsten/phpmyfaq, phpmyfaq/phpmyfaq Affected: "Only SuperAdmins may change other users' attributes. Self-service is always allowed." and "a non-SuperAdmin...
EUVD-2026-37954
phpMyFAQ: Missing userHasPermission in 4 API write endpoints CVE-2026-24421 Incomplete Fix...
EUVD-2026-35091
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing...