1756 matches found
phpMyFAQ < 3.1.11 Improper Input Validation Vulnerability
phpMyFAQ is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Account Lockout
phpmyfaq is vulnerable to Account Lockout. A remote attacker is able to bypass the security mechanism due to improper input validation in the E-Mail field, which may lead to an account takeover or an account lockout without any possibility of recovery...
Stored HTML Injection
phpmyfaq is vulnerable to Stored HTML Injection. The vulnerability exists due to improper handling of inputs through the FAQ-Proposal Form, which allows an attacker to inject and execute malicious HTML content in the web page when an admin views the proposal, possibly leading to code execution...
Stored HTML Injection
phpmyfaq is vulnerable to Stored HTML Injection. The vulnerability exists due to improper handling of inputs through the Question Form, which allows an attacker to inject and execute malicious HTML content in the web page when an admin approves the question, possibly leading to code execution...
CVE-2023-0880
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11...
Design/Logic Flaw
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in versions prior to phpMyFAQ 3.1.11, which stems from misinterpreting user input...
PT-2023-16584 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.11 Description: The issue is related to the misinterpretation of input in the thorsten/phpmyfaq GitHub repository. Recommendations: For versions prior to 3.1.11, update to version 3.1.11 or later to...
CVE-2023-0880
CVE-2023-0880 concerns phpMyFAQ prior to 3.1.11, where misinterpretation of input in the thorsten/phpmyfaq GitHub repository is identified as the underlying issue. Affected software: phpMyFAQ versions before 3.1.11. Root cause: improper handling/misinterpretation of user input in the repository. ...
CVE-2023-0880 Misinterpretation of Input in thorsten/phpmyfaq
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11...
Stored XSS in the adminlog functionality.
Description There is a stored XSS in the 'adminlog' functionality. E.g. the page http://phpmyfaq.local/admin/?action=adminlog shows failed login attempts. If a user with the username 'alert1;' tries to log in, it gets logged and displayed on the adminlog unsanitized. Proof of Concept 1. visit...
phpMyFAQ has an unspecified vulnerability (CNVD-2023-09635)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 have a security vulnerability that stems from a weak password requirement. No detailed vulnerability details are currently available...
phpMyFAQ has an unspecified vulnerability (CNVD-2023-09634)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 contain a security vulnerability that stems from an uncaught exception. No detailed vulnerability details are currently available...
phpMyFAQ code injection vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 contain a code injection vulnerability that stems from code injection. No detailed vulnerability details are currently available...
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-09633)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 are vulnerable to a cross-site scripting vulnerability that stems from stored cross-site scripting (XSS). No detailed vulnerability details are currently available...
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-09628)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 are vulnerable to a cross-site scripting vulnerability that originates from cross-site scripting (XSS). No detailed vulnerability details are currently available...
phpMyFAQ command injection vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 contain a command injection vulnerability, which stems from command injection. No detailed vulnerability details are currently available...
phpMyFAQ Code Injection Vulnerability (CNVD-2023-09631)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 contain a code injection vulnerability that stems from code injection. No detailed vulnerability details are currently available...
phpMyFAQ Cross-Site Scripting Vulnerability (CNVD-2023-09630)
phpMyFAQ is a multilingual, fully database-driven FAQ system. phpMyFAQ versions prior to 3.1.11 are vulnerable to a cross-site scripting vulnerability that originates from cross-site scripting (XSS). No detailed vulnerability details are currently available...