
1756 matches found

NVD
added 2022/10/29 1:15 p.m. · 12 views

CVE-2022-3754

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8...

CVSS 9.8 · EPSS 0.00921
Exploits: 1 · References: 2

CNNVD
added 2022/10/29 12:0 a.m. · 1 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.1.8, which stems from the presence of weak passwords...

CVSS 9.8 · AI score 7.4 · EPSS 0.00921
Exploits: 1 · References: 3

Vulnrichment
added 2022/10/29 12:0 a.m. · 5 views

CVE-2022-3754 Weak Password Requirements in thorsten/phpmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8...

CVSS 7.5 · AI score 9.7 · EPSS 0.00921
Exploits: 1 · References: 2

Cvelist
added 2022/10/29 12:0 a.m. · 17 views

CVE-2022-3754 Weak Password Requirements in thorsten/phpmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8...

CVSS 7.5 · AI score 9.8 · EPSS 0.00921
Exploits: 1 · References: 2

CVE
added 2022/10/29 12:0 a.m. · 111 views

CVE-2022-3754

CVE-2022-3754 affects the phpMyFAQ project (thorsten/phpmyfaq), before version 3.1.8. The root issue is weak password requirements; versions prior to 3.1.8 allow inadequate password length. The 3.1.8 release introduces an eight-character minimum password length. No exploit details are provided in...

CVSS 9.8 · AI score 8.6 · EPSS 0.00921
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/10/29 12:0 a.m. · 1 views

PT-2022-24019 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.8 Description: The issue concerns weak password requirements in the phpMyFAQ repository. Specifically, versions prior to 3.1.8 are affected due to inadequate password length requirements. Version 3.1.8 introduce...

CVSS 9.8 · AI score 7.5 · EPSS 0.00921
Exploits: 1 · References: 8

FreeBSD
added 2022/10/24 12:0 a.m. · 9 views

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: a pre-auth SQL injection in then saving user comments; a reflected cross-site scripting vulnerability in the search; a stored cross-site scripting vulnerability in the meta data administration; a weak password requirement...

AI score 2.1
Exploits: 0 · References: 3

Tenable Nessus
added 2022/10/21 12:0 a.m. · 4 views

FreeBSD : phpmyfaq -- CSRF vulnerability (c253c4aa-5126-11ed-8a21-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c253c4aa-5126-11ed-8a21-589cfc0f81b0 advisory. - phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid CSRF when logging...

AI score 5.6
Exploits: 0 · References: 2

Huntr
added 2022/10/20 10:37 a.m. · 21 views

Stored Cross-site scripting

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Visit: http:///phpmyfaq/admin/?action=meta Click button Add template meta data Inject payload in field Page type: "alert"XSS"...

CVSS 4.9 · AI score 0.1 · EPSS 0.00432
Exploits: 1

Github Security Blog
added 2022/10/19 7:0 p.m. · 25 views

phpMyFAQ vulnerable to Cross-site Scripting

phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting XSS. A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha...

CVSS 8.4 · AI score 7.6 · EPSS 0.00509
Exploits: 1 · References: 4 · Affected Software: 2

OSV
added 2022/10/19 7:0 p.m. · 22 views

GHSA-6RJ8-9CM9-6GFF phpMyFAQ vulnerable to Cross-site Scripting

phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting XSS. A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha...

CVSS 8.4 · AI score 7.9 · EPSS 0.00509
Exploits: 1 · References: 4

CNNVD
added 2022/10/19 12:0 a.m. · 2 views

phpMyFAQ Cross-Site Scripting Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in versions prior to phpMyFAQ 3.2.0-alpha. An attacker exploited the vulnerability to perform cross-site scripting attacks...

CVSS 8.4 · AI score 7 · EPSS 0.00509
Exploits: 1 · References: 3

CVE
added 2022/10/19 12:0 a.m. · 88 views

CVE-2022-3608

CVE-2022-3608 affects phpMyFAQ versions prior to 3.2.0-alpha, with stored XSS in the codebase hosted under thorsten/phpmyfaq. Multiple sources describe a stored XSS vulnerability exploited via user input that can affect multiple pages and is tied to the repository before 3.2.0-alpha. The issue is...

CVSS 8.4 · AI score 7.1 · EPSS 0.00509
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/10/19 12:0 a.m. · 4 views

CVE-2022-3608 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha...

CVSS 7.2 · AI score 7.9 · EPSS 0.00509
Exploits: 1 · References: 2

OSV
added 2022/10/19 12:0 a.m. · 15 views

CVE-2022-3608 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha...

CVSS 7.2 · AI score 7.7 · EPSS 0.00509
Exploits: 1 · References: 4

Positive Technologies
added 2022/10/19 12:0 a.m. · 3 views

PT-2022-23168 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.0-alpha Description: The issue is related to stored Cross-site Scripting XSS in the phpMyFAQ repository. A patch for this issue is available on the main branch of the repository and is expected to be included in...

CVSS 8.4 · AI score 6.4 · EPSS 0.00509
Exploits: 1 · References: 7

Huntr
added 2022/10/03 11:10 a.m. · 213 views

Stored XSS and possible RCE/LFI in case of misconfiguration

Description phpmyfaq has a feature to restore from a backup the entire application. An attacker with admin grant can export the configuration and re-upload the same file bypassing all the backend sanitization and controls. Proof of Concept XSS 1. - login as admin 2. - go to backup page 3. - Creat...

CVSS 5.4 · AI score 0.3 · EPSS 0.00509
Exploits: 1

FreeBSD
added 2022/10/02 12:0 a.m. · 9 views

phpmyfaq -- CSRF vulnerability

phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid CSRF when logging out a user...

AI score 3.7
Exploits: 0 · References: 1

OSV
added 2022/05/14 2:2 a.m. · 17 views

GHSA-P57W-9Q28-J6V7 phpMyFAQ CSRF

phpMyFAQ before 2.9.11 allows CSRF...

CVSS 8.8 · AI score 8.7 · EPSS 0.00152
Exploits: 0 · References: 3

Github Security Blog
added 2022/05/14 2:2 a.m. · 13 views

phpMyFAQ CSRF

phpMyFAQ before 2.9.11 allows CSRF...

CVSS 8.8 · AI score 6.9 · EPSS 0.00152
Exploits: 0 · References: 3 · Affected Software: 1