
1756 matches found

Veracode
added 2024/03/29 9:23 a.m. | 21 views

Cross-site Scripting (XSS)

phpmyfaq/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by the inadequacy of PHP's FILTER_VALIDATE_EMAIL filter, which only validates email format but not its content. This allows an attacker to execute arbitrary client-side JavaScript within the context of...

CVSS 5.5 | AI score 6.9 | EPSS 0.00787
Exploits 1 | References 4 | Affected Software 2
Veracode
added 2024/03/29 9:16 a.m. | 9 views

Path Traversal

phpmyfaq is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitisation of user-supplied file paths. The vulnerability allows attackers with admin rights to upload malicious files to other locations of the web root, resulting in path traversal...

CVSS 3.8 | AI score 6.6 | EPSS 0.0063
Exploits 1 | References 2 | Affected Software 2
Veracode
added 2024/03/29 9:12 a.m. | 13 views

HTML Injection

phpmyfaq is vulnerable to HTML injection. The vulnerability is due to insufficient validation of the contentLink parameter, thus allowing an attacker to inject HTML code that can affect other users...

CVSS 6.1 | AI score 7 | EPSS 0.00481
Exploits 1 | References 2 | Affected Software 2
Veracode
added 2024/03/29 9:7 a.m. | 18 views

Remote Code Execution (RCE)

phpmyfaq/phpmyfaq is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by insufficient validation of the file's content type within attachment.php. This allows an attacker to upload a malicious file with a .php extension, potentially leading to remote code execution (RCE) on...

CVSS 7.2 | AI score 8.3 | EPSS 0.03088
Exploits 1 | References 4 | Affected Software 2
Veracode
added 2024/03/28 12:0 p.m. | 15 views

SQL Injection

phpmyfaq/phpmyfaq is vulnerable to a SQL Injection. The vulnerability is due to improper escaping of email addresses in the insertentry and saveentry functions, which allows authenticated users with add/edit rights to manipulate records, leading to data exfiltration, account takeover, and...

CVSS 8.8 | AI score 7.6 | EPSS 0.00537
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2024/03/28 7:26 a.m. | 16 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate input validation of the "news" parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon visiting the compromised news page, the XSS payload is triggered...

CVSS 5.4 | AI score 5.6 | EPSS 0.00157
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2024/03/28 5:48 a.m. | 14 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the handling of file attachments. An attacker with admin privileges can upload an attachment containing JS code without an extension, and the application will render it as HTML, leading to the execution of arbitrary...

CVSS 4.8 | AI score 6.7 | EPSS 0.00341
Exploits 1 | References 4 | Affected Software 1
Tenable Nessus
added 2024/03/27 12:0 a.m. | 10 views

FreeBSD : phpmyfaq -- multiple vulnerabilities (8b3be705-eba7-11ee-99b3-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8b3be705-eba7-11ee-99b3-589cfc0f81b0 advisory. - phpMyFAQ team reports: The phpMyFAQ Team has learned of multiple security issues that'd been discover...

AI score 5.3
Exploits 0 | References 9
NVD
added 2024/03/26 3:15 a.m. | 12 views

CVE-2024-29196

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS 3.8 | AI score 4.2 | EPSS 0.0063
Exploits 1 | References 2
Vulnrichment
added 2024/03/26 3:1 a.m. | 13 views

CVE-2024-29196 phpMyFAQ Path Traversal in Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS 3.8 | AI score 6.7 | EPSS 0.0063
Exploits 1 | References 2
OSV
added 2024/03/26 3:1 a.m. | 15 views

CVE-2024-29196 phpMyFAQ Path Traversal in Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS 3.8 | AI score 4.7 | EPSS 0.0063
Exploits 1 | References 4
CVE
added 2024/03/26 3:1 a.m. | 67 views

CVE-2024-29196

CVE-2024-29196 affects phpMyFAQ with a Path Traversal in Attachments. The vulnerability allows attackers with admin rights to upload malicious files to locations outside the intended attachments directory, potentially affecting the web root. Public advisories confirm the issue exists in versions ...

CVSS 3.8 | AI score 4 | EPSS 0.0063
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2024/03/26 3:1 a.m. | 14 views

CVE-2024-29196 phpMyFAQ Path Traversal in Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...

CVSS 3.8 | AI score 4.9 | EPSS 0.0063
Exploits 1 | References 2
CNNVD
added 2024/03/26 12:0 a.m. | 2 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions (FAQ) system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.5, which stems from the presence of a path traversal vulnerability that allows an attacker with administrator...

CVSS 3.8 | AI score 4.8 | EPSS 0.0063
Exploits 1 | References 3
OpenVAS
added 2024/03/26 12:0 a.m. | 27 views

phpMyFAQ < 3.2.6 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

CVSS 8.8 | AI score 6 | EPSS 0.03088
Exploits 8 | References 9
NVD
added 2024/03/25 9:15 p.m. | 10 views

CVE-2024-29179

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVSS 4.8 | AI score 4.7 | EPSS 0.00341
Exploits 1 | References 1
OSV
added 2024/03/25 8:27 p.m. | 7 views

CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVSS 4.3 | AI score 4.8 | EPSS 0.00341
Exploits 1 | References 3
Vulnrichment
added 2024/03/25 8:27 p.m. | 23 views

CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVSS 4.3 | AI score 6.3 | EPSS 0.00341
Exploits 1 | References 1
CVE
added 2024/03/25 8:27 p.m. | 58 views

CVE-2024-29179

CVE-2024-29179 concerns phpMyFAQ, an open source FAQ app. The vulnerability arises when an administrator uploads an attachment containing JavaScript code without an extension; the application then renders the attachment as HTML, enabling stored XSS. Attacks require admin privileges and leverage t...

CVSS 4.8 | AI score 4.6 | EPSS 0.00341
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2024/03/25 8:27 p.m. | 18 views

CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVSS 4.3 | AI score 5.3 | EPSS 0.00341
Exploits 1 | References 1