85 matches found
CVE-2024-55889 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...
CVE-2024-54141 phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the connection to the database fails. This vulnerability is fixed in 4.0.0...
CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5...
phpMyFAQ cross-site scripting vulnerability (CNVD-2023-9902999)
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.17, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute...
PT-2023-32801 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.17 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation and later displays it, allowing attackers to injec...
PT-2023-32384 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpmyfaq versions prior to 3.2.2 Description: The issue is related to insufficient session expiration. Recommendations: For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue...
phpMyFAQ cross-site scripting vulnerability (CNVD-2023-39428)
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.0-beta. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...
CVE-2023-2427 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13...
phpMyFAQ cross-site scripting vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...
PT-2023-17306 · Thorsten · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to stored Cross-site Scripting (XSS) due to the failure to sanitize user input in the adminlog. This has been fixed in version 3.1.12. Recommendations: For versions...
PT-2023-17222 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue concerns improper privilege management, allowing any user who can add a new user to create a user with super admin rights. This has been fixed in version 3.1.12. Recommendation...
Improper Input Validation
phpmyfaq is vulnerable to Improper Input Validation. The vulnerability exists due to a lack of input validation in ajaxservice.php which allows an attacker to spam proposals into the system...
CVE-2023-0880 Misinterpretation of Input in thorsten/phpmyfaq
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11...
CVE-2023-0314 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10...
PT-2022-24036
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.8 Description: The issue is related to Cross-site Scripting (XSS) - Reflected. This means an attacker can inject malicious scripts into a website, which will then be executed by the user's browser. The estimated...
Authorization Bypass
phpmyfaq/phpmyfaq is vulnerable to authorization bypasses. The library does not properly handle the instance ID, allowing a malicious user with admin rights to delete a multi-site master instance...
Cross Site Request Forgery (CSRF)
phpMyFAQ/phpMyFAQ is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because it does not check the CSRF token properly in user.php, allowing the attacker to delete any active user, to remove open questions, to manipulate FAQ and FAQ news, to add votes and to add or delete...
CVE-2017-15808
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...
Cross-site request forgery vulnerability in phpMyFAQ admin/stat.ratings.php file
phpMyFAQ is an open source, fully database-driven FAQ question and answer system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...