85 matches found

RedhatCVE
added 2025/05/23 2:55 a.m. | 2 views

CVE-2023-1762

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 8.8 | AI score 6.7 | EPSS 0.00876
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:54 a.m. | 7 views

CVE-2023-0313

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

CVSS 5.4 | AI score 5.9 | EPSS 0.00401
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:52 a.m. | 5 views

CVE-2023-0308

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

CVSS 7.6 | AI score 5.9 | EPSS 0.00487
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:6 a.m. | 7 views

CVE-2023-5865

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2...

CVSS 9.8 | AI score 6.7 | EPSS 0.00576
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 1:53 a.m. | 8 views

CVE-2023-2428

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13...

CVSS 6.1 | AI score 5.9 | EPSS 0.00559
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:3 a.m. | 7 views

CVE-2022-4409

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9...

CVSS 7.5 | AI score 6.8 | EPSS 0.00422
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:55 a.m. | 7 views

CVE-2017-15734

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php...

CVSS 8.8 | AI score 7 | EPSS 0.01103
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 6:57 a.m. | 5 views

CVE-2017-15728

In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords...

CVSS 4.8 | AI score 6 | EPSS 0.00615
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:31 a.m. | 5 views

CVE-2011-3783

phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/languageuk.php and certain other files...

CVSS 5 | AI score 6.5 | EPSS 0.01229
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:0 a.m. | 6 views

CVE-2010-4558

phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...

CVSS 7.5 | AI score 7.8 | EPSS 0.01437
Exploits: 0 | References: 1

Packet Storm
added 2025/04/16 12:0 a.m. | 269 views

phpMyFAQ 3.2.10 Unintended File Download

phpMyFAQ version 3.2.10 suffers from an unintended file download vulnerability. Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link:...

CVSS 7.2 | AI score 6.7 | EPSS 0.02121
Exploits: 3

Exploit DB
added 2025/04/16 12:0 a.m. | 189 views

phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames

Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: v3.2.10 Tested on: Mac, Win CVE : CVE-2024–558...

CVSS 7.2 | AI score 7.4 | EPSS 0.02121
Exploits: 3

RedhatCVE
added 2025/02/05 4:15 a.m. | 14 views

CVE-2024-54141

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

CVSS 8.6 | AI score 6.7 | EPSS 0.00478
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 12:56 a.m. | 14 views

CVE-2024-28105

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS 7.2 | AI score 7.8 | EPSS 0.01476
Exploits: 1 | References: 1

OSV
added 2025/01/02 10:43 p.m. | 5 views

GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary: Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

CVSS 5.2 | AI score 6.2 | EPSS 0.00396
Exploits: 1 | References: 3

CVE
added 2025/01/02 5:27 p.m. | 59 views

CVE-2024-56199

phpMyFAQ is vulnerable from versions 3.2.10 through 4.0.1 to an HTML injection in the FAQ editor (https://.../admin/index.php?action=editentry), enabling injected HTML that disrupts the page UI and can lead to DoS and degraded user experience. The issue is fixed in version 4.0.2; upgrading to 4.0...

CVSS 7.6 | AI score 5.4 | EPSS 0.00396
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/01/02 5:27 p.m. | 17 views

CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

CVSS 5.2 | EPSS 0.00396
Exploits: 1 | References: 1

CVE
added 2024/12/13 1:44 p.m. | 52 views

CVE-2024-55889

CVE-2024-55889 affects the phpMyFAQ open source FAQ web application. The issue is in the FAQ Record component prior to version 3.2.10, where a privileged attacker can trigger a file download on a victim’s machine by embedding the target file in an iframe upon visiting a page, without user interac...

CVSS 7.2 | AI score 5 | EPSS 0.02121
Exploits: 3 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/12/13 1:44 p.m. | 7 views

CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

CVSS 4.9 | AI score 6.9 | EPSS 0.02121
Exploits: 3 | References: 2

OSV
added 2024/12/13 1:44 p.m. | 20 views

CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

CVSS 4.9 | AI score 6.4 | EPSS 0.02121
Exploits: 3 | References: 4