1756 matches found
CVE-2024-27300
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-28108 phpMyFAQ Stored HTML Injection at contentLink
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding n...
CVE-2024-28108 phpMyFAQ Stored HTML Injection at contentLink
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding n...
CVE-2024-28108
phpMyFAQ (PHP 8.1+, with MySQL/PostgreSQL and other DBs) has a stored HTML injection vulnerability in the contentLink parameter that can be exploited by unauthenticated users to inject HTML into pages. The issue is tied to insufficient validation and is aggravated when guest users can add FAQs wi...
CVE-2024-28108 phpMyFAQ Stored HTML Injection at contentLink
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding n...
CVE-2024-28107
The CVE-2024-28107 entry concerns phpMyFAQ, a PHP-based FAQ app. The vulnerability is a SQL injection in the insertentry and saveentry paths, caused by improper escaping of the email address. It affects authenticated users with add/edit rights, enabling data exfiltration, potential account takeov...
CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...
CVE-2024-28106
Summary: CVE-2024-28106 affects phpMyFAQ, an open source FAQ app. The vulnerability is a stored Cross‑Site Scripting (XSS) in the “news” parameter of a POST request, allowing an attacker to inject JavaScript that executes when a user visits the affected news page. Root cause: inadequate sanitizat...
CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
CVE-2024-28105
CVE-2024-28105 concerns phpMyFAQ where the category image upload feature can be abused by manipulating Content-Type and lang to store a PHP file, potentially enabling remote code execution (RCE). The public details describe that by submitting a crafted image upload request, an attacker can bypass...
CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...