Lucene search
K

4 matches found

NVD
NVD
added yesterday7 views

CVE-2026-57994

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-57994

phpMyFAQ is affected: versions before 4.1.5 expose inactive content through public API endpoints due to inconsistent active flag and publication-date filtering. Specifically, GET /api/v3.1/faq/{categoryId}/{faqId} returns inactive title and full answer, while GET /api/v3.1/faqs/tags/{tagId} and G...

6.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42892

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder