Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/05/15 6:36 p.m.40 views

CVE-2026-46366 phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...

8.7CVSS0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 6:36 p.m.2 views

CVE-2026-46366 phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...

8.7CVSS5.9AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/05/15 6:36 p.m.27 views

CVE-2026-46366

CVE-2026-46366 affects phpMyFAQ before 4.1.2. An information disclosure vulnerability exists in getIdFromSolutionId() that does not enforce permissions, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers ...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 8:45 p.m.4 views

GHSA-99QV-G4X9-MGC3 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query

Summary The public /solutionidid.html route calls Faq::getIdFromSolutionId in phpmyfaq/src/phpMyFAQ/Faq.php:1312. That query joins faqdata with faqcategoryrelations solely by solutionid and returns the matching FAQ's id, lang, thema title, and categoryid with no permission filter. An...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References4
Rows per page
Query Builder