13410 matches found
CVE-2024-28107
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-27300
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-28108
phpMyFAQ (PHP 8.1+, with MySQL/PostgreSQL and other DBs) has a stored HTML injection vulnerability in the contentLink parameter that can be exploited by unauthenticated users to inject HTML into pages. The issue is tied to insufficient validation and is aggravated when guest users can add FAQs wi...
CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-27300
Summary: CVE-2024-27300 affects phpMyFAQ; the vulnerability is a stored XSS in the user email field caused by inadequate validation from PHP’s FILTER_VALIDATE_EMAIL. An attacker can inject JavaScript that is stored and later rendered in another user’s session. The issue is documented across multi...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
CVE-2024-27299
phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...
CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
Fedora: Security Advisory (FEDORA-2024-db558f6fb2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-ed884c3203)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for pgadmin4 (FEDORA-2024-15df3b6d95)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: postgresql-jdbc-42.7.3-1.fc40
PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...
[SECURITY] Fedora 40 Update: pgadmin4-8.4-2.fc40
pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...