7 matches found
CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints
phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...
CVE-2025-57425
A Stored Cross-Site Scripting XSS vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...
PT-2025-34788 · Sourcecodester · Faq Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester FAQ Management System version 1.0 Description: A Stored Cross-Site Scripting XSS vulnerability exists in the FAQ Management System. An authenticated attacker can inject malicious JavaScript into the question and answer fields...
The vulnerability of the FAQ Management System’s /endpoint/delete-faq.php script allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the Add FAQ component of the management system’s FAQ module often stems from the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the database remotely...
CVE-2024-2070
A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched...
PT-2024-18694 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester FAQ Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /endpoint/delete-faq.php. The manipulation of the faq argument leads to sql injection,...
FAQ Management System Cross-Site Scripting Vulnerability
FAQ Management System is a frequently asked questions management system by Remy Andrade, an individual developer. A cross-site scripting vulnerability exists in version 1.0 of the FAQ Management System, which stems from the parameter question/answer in the file /endpoint/add-faq.php, which result...