13410 matches found

NVD
added 2024/03/25 7:15 p.m. | 25 views

CVE-2024-28107

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8 | AI score 8.9 | EPSS 0.00968
Exploits: 1 | References: 2

NVD
added 2024/03/25 7:15 p.m. | 19 views

CVE-2024-27300

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not...

CVSS 5.5 | AI score 5.6 | EPSS 0.00691
Exploits: 1 | References: 3

CVE
added 2024/03/25 6:52 p.m. | 75 views

CVE-2024-28108

phpMyFAQ (PHP 8.1+, with MySQL/PostgreSQL and other DBs) has a stored HTML injection vulnerability in the contentLink parameter that can be exploited by unauthenticated users to inject HTML into pages. The issue is tied to insufficient validation and is aggravated when guest users can add FAQs wi...

CVSS 6.1 | AI score 4.7 | EPSS 0.00539
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/03/25 6:47 p.m. | 22 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8 | AI score 7.5 | EPSS 0.00968
Exploits: 1 | References: 2

OSV
added 2024/03/25 6:47 p.m. | 21 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8 | AI score 6.4 | EPSS 0.00968
Exploits: 1 | References: 4

OSV
added 2024/03/25 6:41 p.m. | 31 views

CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...

CVSS 4.3 | AI score 4.7 | EPSS 0.00542
Exploits: 1 | References: 4

Vulnrichment
added 2024/03/25 6:35 p.m. | 13 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS 7.2 | AI score 7.7 | EPSS 0.01476
Exploits: 1 | References: 2

OSV
added 2024/03/25 6:35 p.m. | 33 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS 7.2 | AI score 6.1 | EPSS 0.01476
Exploits: 1 | References: 4

Cvelist
added 2024/03/25 6:30 p.m. | 18 views

CVE-2024-27300 phpMyFAQ Stored XSS at user email

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not...

CVSS 5.5 | AI score 6.2 | EPSS 0.00691
Exploits: 1 | References: 3

CVE
added 2024/03/25 6:30 p.m. | 66 views

CVE-2024-27300

Summary: CVE-2024-27300 affects phpMyFAQ; the vulnerability is a stored XSS in the user email field caused by inadequate validation from PHP’s FILTER_VALIDATE_EMAIL. An attacker can inject JavaScript that is stored and later rendered in another user’s session. The issue is documented across multi...

CVSS 5.5 | AI score 5.5 | EPSS 0.00691
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/03/25 6:30 p.m. | 19 views

CVE-2024-27300 phpMyFAQ Stored XSS at user email

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not...

CVSS 5.5 | AI score 6.3 | EPSS 0.00691
Exploits: 1 | References: 3

OSV
added 2024/03/25 6:30 p.m. | 26 views

CVE-2024-27300 phpMyFAQ Stored XSS at user email

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not...

CVSS 5.5 | AI score 5.1 | EPSS 0.00691
Exploits: 1 | References: 5

OSV
added 2024/03/25 6:26 p.m. | 34 views

CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

CVSS 8.8 | AI score 6.4 | EPSS 0.01151
Exploits: 1 | References: 5

CVE
added 2024/03/25 6:26 p.m. | 74 views

CVE-2024-27299

phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...

CVSS 8.8 | AI score 8.8 | EPSS 0.01151
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/03/25 6:26 p.m. | 43 views

CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

CVSS 8.8 | AI score 9.1 | EPSS 0.01151
Exploits: 1 | References: 3

OpenVAS
added 2024/03/25 12:0 a.m. | 27 views

Fedora: Security Advisory (FEDORA-2024-db558f6fb2)

The remote host is missing an update for the...

CVSS 6.5 | AI score 7 | EPSS 0.01044
Exploits: 1 | References: 3

OpenVAS
added 2024/03/25 12:0 a.m. | 21 views

Fedora: Security Advisory (FEDORA-2024-ed884c3203)

The remote host is missing an update for the...

CVSS 10 | AI score 9.8 | EPSS 0.0481
Exploits: 0 | References: 2

OpenVAS
added 2024/03/25 12:0 a.m. | 24 views

Fedora: Security Advisory for pgadmin4 (FEDORA-2024-15df3b6d95)

The remote host is missing an update for the...

CVSS 9.9 | AI score 9.5 | EPSS 0.79326
Exploits: 4 | References: 2

Fedora
added 2024/03/23 12:53 a.m. | 30 views

[SECURITY] Fedora 40 Update: postgresql-jdbc-42.7.3-1.fc40

PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...

CVSS 10 | AI score 7 | EPSS 0.0481
Exploits: 0

Fedora
added 2024/03/23 12:52 a.m. | 29 views

[SECURITY] Fedora 40 Update: pgadmin4-8.4-2.fc40

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

CVSS 6.5 | AI score 6.8 | EPSS 0.01044
Exploits: 1