phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
Summary Authenticated non‑admin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. Details SetupController.php uses userIsAuthenticated but does not verify that the requester has...
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
Summary A logged‑in user without the dlattachment right can download FAQ attachments. This is due to a permissive permission check in attachment.php that treats the mere presence of a right key as authorization and a flawed group/user logic expression. Details In attachment.php, the access decisi...
Access Control Bypass
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Access Control Bypass via a permissive permission check in attachment.php. An attacker can gain unauthorized access to download attachments by exploitin...
GHSA-7P9H-M7M8-VHHV phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
Summary A logged‑in user without the dlattachment right can download FAQ attachments. This is due to a permissive permission check in attachment.php that treats the mere presence of a right key as authorization and a flawed group/user logic expression. Details In attachment.php, the access decisi...
VulnCheck KEV: CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
FreeBSD : phpmyfaq -- multiple vulnerabilities (79c3c751-ee20-11f0-b17e-50ebf6bdf8e9)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 79c3c751-ee20-11f0-b17e-50ebf6bdf8e9 advisory. phpMyFAQ team reports: Stored cross-site scripting (XSS) and unauthenticated config backup download...
CVE-2009-4040
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page...
CVE-2009-4780
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the taggingid parameter in a search action, (4) the...
CVE-2023-4006
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
CVE-2023-4007
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
phpMyFAQ Improper Authorization Vulnerability (GHSA-9cg9-4h4f-j6fg)
phpMyFAQ is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq";...
phpMyFAQ XSS Vulnerability (GHSA-jv8r-hv7q-p6vc)
phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"...
CVE-2025-68951
phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator's browser by registering a user whose display name contains HTML entities. When an...
GHSA-9CG9-4H4F-J6FG phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Summary An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., database.php with database credentials), leading to...
EUVD-2025-205600
phpMyFAQ has unauthenticated config backup download via /api/setup/backup...
Information Exposure
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Information Exposure via the backup process. An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST...
phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Summary An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., database.php with database credentials), leading to...
phpMyFAQ has Stored XSS in user list via admin-managed display_name
Summary A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in an administrator's browser by registering a user whose display name contains HTML entities (e.g., img ...). When an administrator views the admin user list, the payload is decoded server-si...
GHSA-JV8R-HV7Q-P6VC phpMyFAQ has Stored XSS in user list via admin-managed display_name
Summary A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in an administrator's browser by registering a user whose display name contains HTML entities (e.g., img ...). When an administrator views the admin user list, the payload is decoded server-si...
EUVD-2025-205601
phpMyFAQ has Stored XSS in user list via admin-managed displayname...