1756 matches found
Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Description Hi there, another CSRF in clearing search items. Proof of Concept 1. Install a local instance of phpmyfaq. 2. Go to this link /phpmyfaq/admin/?action=truncatesearchterms 3. See that all search terms are deleted. Impact This vulnerability is capable of CSRF...
Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Description Hi there, there is a CSRF in your logout function. This will force the admin to log out if he/she clicks on the link the attacker gives him. Proof of Concept 1. Install phpmyfaq on your system. 2. Log in as admin 3. Open this link /admin/index.php?action=logout 4. See that you are logged out of...
Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Description Hi there phpmyfaq team, I would like to report a Cross-Site Request Forgery in phpmyfaq. It is in publishing a question. Cross-site request forgery, also known as CSRF, is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to...
FreeBSD : phpmyfaq -- XSS vulnerability (1f655433-551b-11eb-9cda-589cfc0f81b0)
phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid XSS injection for displaying tags. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2021 Jacques Vidrine and...
phpmyfaq -- XSS vulnerability
phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid XSS injection for displaying tags...
phpMyFAQ <= 2.9.10 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
Cross-Site Request Forgery (CSRF)
phpMyFAQ is vulnerable to cross-site request forgery. An attacker is able to activate any user on behalf of the administrator by tricking the victim into visiting a malicious site...
CSV Injection
phpmyfaq/phpmyfaq is vulnerable to CSV injection attacks. The vulnerability exists due to the lack of sanitization of characters that allows a string to be interpreted as a formula...
Design/Logic Flaw
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
CVE-2018-16650
phpMyFAQ before 2.9.11 allows CSRF...
Cross site request forgery (csrf)
phpMyFAQ before 2.9.11 allows CSRF...
CVE-2018-16651
The CVE-2018-16651 entry applies to phpMyFAQ (admin backend) before version 2.9.11, where CSV injection in reports is possible due to insufficient sanitization of report content. The vulnerability is reflected with a HIGH CVSS score (3.0: 7.2; 2.0: 9.0) and can impact multiple CIA aspects as defi...
CVE-2018-16650
CVE-2018-16650 refers to a CSRF vulnerability in phpMyFAQ versions before 2.9.11. The issue arises from insufficient CSRF protection, allowing an attacker to perform unauthorized admin actions. Affected product/version: phpMyFAQ up to 2.9.10. Impact indicators show exposure of admin operations; ...
phpMyFAQ Cross-Site Request Forgery Vulnerability (CNVD-2019-07200)
phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as a content management system and a community. A cross-site request forgery vulnerability exists...
phpMyFAQ CSV Injection Vulnerability
phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as a content management system and a community. A CSV injection vulnerability exists in the admin...