phpMyFAQ Improper Restriction Vulnerability

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A security vulnerability exists in versions of...

Design/Logic Flaw

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...

CVE-2017-11187

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...

CVE-2017-11187

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...

CVE-2017-11187

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...

CVE-2017-11187

The CVE concerns phpMyFAQ prior to version 2.9.8, where login brute-force protection is insufficient—allowing rapid, repeated invalid authentication attempts. The issue is tied to failure to mitigate brute-force attacks. Remediation evidenced across sources suggests upgrading to version 2.9.8 or ...

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to cross-site scripting XSS attacks. Its does not properly sanitize the user supplied input, allowing the attackers to introduce malicious web script or HTML through it...

Cross-site Scripting (XSS)

phpmyFAQ is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the question field in inc/PMF/Faq.php...

phpMyFAQ inc/PMF/Faq.php file cross-site scripting vulnerability

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site scripting vulnerability exists in th...

CVE-2017-7579

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field...

CVE-2017-7579

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field...

Design/Logic Flaw

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field...

CVE-2017-7579

CVE-2017-7579 affects phpMyFAQ before 2.9.7, where the file inc/PMF/Faq.php is vulnerable to cross-site scripting through the question field. The root cause is an XSS flaw in the handling of that input, allowing injection of arbitrary web scripts/HTML. Documented impacts indicate an attacker coul...

CVE-2017-7579

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field...

phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Exploit Title: phpMyFAQ 2.9.0 Stored XSS Date: 09-06-2016 Software Link: http://www.phpmyfaq.de/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description PHP...

phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting

phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting Exploit Title: phpMyFAQ 2.9.0 Stored XSS Date: 09-06-2016 Software Link: http://www.phpmyfaq.de/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description PHP...

phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting

Exploit Title: phpMyFAQ 2.9.0 Stored XSS Date: 09-06-2016 Software Link: http://www.phpmyfaq.de/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description PHP filterinput function with FILTERVALIDATEURL flag is used...

phpMyFAQ 2.9.0 Cross Site Scripting

Exploit Title: phpMyFAQ 2.9.0 Stored XSS Date: 09-06-2016 Software Link: http://www.phpmyfaq.de/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description PHP filterinput function with FILTERVALIDATEURL flag is used...

FreeBSD : phpmyfaq -- cross-site request forgery vulnerability (f87a9376-0943-11e6-8fc4-00a0986f28c4)

The phpMyFAQ team reports : The vulnerability exists due to application does not properly verify origin of HTTP requests in 'Interface Translation' functionality.: A remote unauthenticated attacker can create a specially crafted malicious web page with CSRF exploit, trick a logged-in administrato...

phpMyFAQ Cross-Site Request Forgery Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site request forgery vulnerability exists in phpMyFAQ. Due to the application failing to properly validate the 'Interface Translation' translation function of the originating HTTP request. An unauthenticated remote attacker c...