CVE-2023-2429
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13...
CVE-2022-4408
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
CVE-2022-4409
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
CVE-2017-15734
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php...
CVE-2017-15809
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag...
CVE-2017-15728
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords...
CVE-2017-15732
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php...
CVE-2017-15731
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php...
CVE-2017-15729
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary...
CVE-2017-11187
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...
CVE-2017-15733
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php...
CVE-2011-3783
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/languageuk.php and certain other files...
CVE-2017-15735
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary...
CVE-2010-4558
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...
CVE-2017-15808
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...
phpMyFAQ 3.1.7 Cross Site Scripting
phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Versio...
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames
Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: v3.2.10 Tested on: Mac, Win CVE : CVE-2024–558...
phpMyFAQ 3.2.10 Unintended File Download
phpMyFAQ version 3.2.10 suffers from an unintended file download vulnerability. Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link:...
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 3.1.7 Tested on: Ubuntu Windows CVE : CVE-2022-4407 PoC: Get:...
CVE-2022-3608
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha...