CVE-2024-28106

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...

CVE-2024-27300

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...

CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

CVE-2024-56199

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

CVE-2024-29196

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVE-2024-28108

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding n...

CVE-2024-22208

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

CVE-2024-22202

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...

CVE-2024-55889

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

CVE-2023-0314

Cross-site Scripting XSS - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

CVE-2023-0309

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

CVE-2023-0307

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

CVE-2023-0306

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

CVE-2023-1753

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-0880

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

CVE-2023-0790

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

CVE-2023-0794

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

CVE-2023-0787

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

CVE-2023-0793

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

CVE-2023-0786

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11...