CVE-2022-3765
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8...
CVE-2022-3754
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8...
CVE-2022-3766
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8...
CVE-2022-4407
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
CVE-2024-54141
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the connection to the DB fails. This vulnerability is fixed in 4.0.0...
CVE-2024-27299
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
CVE-2024-28107
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-28105
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content in the FAQ editor at http://localhost/admin/index.php?action=editentry. Attackers can inject malformed HTML elements styled to cover the entire screen, disrupting the user...
phpMyFAQ 3.2.10 < 4.0.2 HTML Injection Vulnerability (GHSA-ww33-jppq-qfrp)
phpMyFAQ is prone to an HTML injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if...
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary: Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary: Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
CVE-2024-56199
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
Cross-site Scripting (XSS)
Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the editentry action, which is accessible on the FAQ Q&A editor page. An admin user can disrupt other users' sessions by...
CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...
CVE-2024-56199
phpMyFAQ is vulnerable from versions 3.2.10 through 4.0.1 to an HTML injection in the FAQ editor (https://.../admin/index.php?action=editentry), enabling injected HTML that disrupts the page UI and can lead to DoS and degraded user experience. The issue is fixed in version 4.0.2; upgrading to 4.0...
PT-2025-3201 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 3.2.10 through 4.0.2. Description: The issue allows an attacker to inject malicious HTML content into the FAQ editor at "http://localhost/admin/index.php?action=editentry", resulting in a complete disruption of the FAQ page's...
Unauthorized File Download
thorsten/phpmyfaq is vulnerable to Unauthorized File Download. The vulnerability is due to improper validation in the FAQ Record component, allowing a privileged attacker to embed a file download in an element and exploit it without user interaction or explicit consent...