CVE-2024-27300
Summary: CVE-2024-27300 affects phpMyFAQ; the vulnerability is a stored XSS in the user email field, caused by relying on PHP's FILTER_VALIDATE_EMAIL, which checks only address syntax, as the sole validation. An attacker can inject JavaScript that is stored and later rendered in another user's session. The issue is documented across multi...
CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
CVE-2024-27299
phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature: the authorEmail field is checked with FILTER_VALIDATE_EMAIL but not escaped before it is placed in the query. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...
CVE-2024-27300
creationtimestamp | type | source
--- | --- | ---
2024-03-25 16:47:08+00:00 | published-proof-of-concept | https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.5, which stems from improper escaping of email addresses, resulting in a SQL injection vulnerability in the Add News feature...
PT-2024-2384 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The issue is related to the manipulation of the news parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS...
PT-2024-2396 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 3.2.5 Description: A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: The phpMyFAQ Team has learned of multiple security issues that had been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting (XSS), SQL injection and bypass vulnerabilities...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from insufficient validation of the contentLink parameter and could allow an unauthenticated user to inject...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by Thorsten Rinne, an individual developer. A security vulnerability exists in phpMyFAQ that allows an attacker with administrator privileges to upload attachments containing JS code without an extension,...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the email field in the phpMyFAQ User Control Panel page being vulnerable to a stored cross-site scripti...
PT-2024-2390 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The category image upload function in phpMyFAQ is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentiall...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ that stems from improperly escaping email addresses, leading to an SQL injection vulnerability...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by Thorsten Rinne, an individual developer. A security vulnerability exists in phpMyFAQ, which stems from a cross-site scripting vulnerability in the news parameter...
PT-2024-2385 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The issue is related to insufficient validation on the contentLink parameter, allowing unauthenticated users to inject HTML code into the page, which may affect other users. This requires that...
PT-2024-2374 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: The issue is related to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates that the address is syntactically well formed, not which characters it contains. This allows an attacker to execute arbitrary client-side...
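The entries for the email field (stored XSS through FILTER_VALIDATE_EMAIL, and the "Add News" SQL injection) share one root cause: a syntax validator was used as if it were a sanitizer. The following is an added example, not phpMyFAQ's code; the table and column names are hypothetical, the database is an in-memory SQLite store via pdo_sqlite, and the injection payload therefore uses SQLite's `||` concatenation (the shape of a real payload depends on the backend). It shows that FILTER_VALIDATE_EMAIL accepts an RFC 5321 quoted local part carrying `<`, `'`, `(`, `/` and `|`, that concatenating such an address into an INSERT runs an attacker subquery, and that a prepared statement plus output encoding removes both problems without touching the validator.

```php
<?php
// Added example, not phpMyFAQ code. Table/column names are hypothetical; the
// store is an in-memory SQLite database (requires the pdo_sqlite extension).
declare(strict_types=1);

// FILTER_VALIDATE_EMAIL checks RFC 5321 syntax only. A quoted local part may
// contain < > ( ) / ' | and other metacharacters, so "valid" is not "safe".
function isValidEmail(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Vulnerable pattern: a validated address is concatenated into the statement.
function saveNewsVulnerable(PDO $db, string $author, string $email): void
{
    if (!isValidEmail($email)) {
        throw new InvalidArgumentException('invalid email address');
    }
    $db->exec("INSERT INTO faqnews (author_name, author_email) VALUES ('$author', '$email')");
}

// Fixed pattern: identical validation, but the values are bound parameters, so
// the address is data to the database engine no matter what it contains.
function saveNewsFixed(PDO $db, string $author, string $email): void
{
    if (!isValidEmail($email)) {
        throw new InvalidArgumentException('invalid email address');
    }
    $stmt = $db->prepare(
        'INSERT INTO faqnews (author_name, author_email) VALUES (:author, :email)'
    );
    $stmt->execute([':author' => $author, ':email' => $email]);
}

// Rendering side: encode for the HTML context at output time. The validator is
// not an HTML sanitizer and was never meant to be one.
function renderAuthorEmail(string $email): string
{
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="mailto:' . $safe . '">' . $safe . '</a>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE faqnews (id INTEGER PRIMARY KEY, author_name TEXT, author_email TEXT)');
$db->exec('CREATE TABLE faquser (login TEXT, pass TEXT)');
$db->exec("INSERT INTO faquser VALUES ('admin', 'constructed-password-hash')"); // constructed sample row

// Both addresses are well formed under RFC 5321 and pass FILTER_VALIDATE_EMAIL.
$xssAddress  = '"<script>alert(1)</script>"@example.com';
$sqliAddress = '"x\'||(SELECT/**/pass/**/FROM/**/faquser)||\'"@example.com';
var_dump(isValidEmail($xssAddress), isValidEmail($sqliAddress));

// Vulnerable path: the subquery executes inside the INSERT and the admin password
// hash is copied into the news table, where the attacker can read it back.
saveNewsVulnerable($db, 'Mallory', $sqliAddress);
var_dump($db->query('SELECT author_email FROM faqnews WHERE id = 1')->fetchColumn());

// Fixed path: the same address is stored byte for byte as a literal string.
saveNewsFixed($db, 'Mallory', $sqliAddress);
var_dump($db->query('SELECT author_email FROM faqnews WHERE id = 2')->fetchColumn());

// Stored XSS: a template that trusts the validator emits the raw address and the
// script runs; the encoded form is inert text.
echo $xssAddress, PHP_EOL;
echo renderAuthorEmail($xssAddress), PHP_EOL;
```

Run it with `php example.php`. The `/**/` sequences stand in for spaces because the quoted local part may not contain an unescaped space, which is exactly the kind of detail an attacker adapts to and a validator cannot anticipate; the fix is to make the query shape independent of the value (parameters) and to encode on output, not to grow the validator.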
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the category image upload feature in phpmyfaq being susceptible to manipulation of the Content-type and...
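The upload entries above (category image upload that trusts the Content-type and lang parameters, and attachments carrying JavaScript in `.html` or extensionless files) are two faces of the same mistake: letting the client decide what a file is and how it will be served. The following is an added example, not phpMyFAQ's code; the class, the directory layout, the `lang` handling and the download function are hypothetical, and only PHP's standard `finfo`, `getimagesize`, upload and `header` functions are used. It decides the type by sniffing the bytes, allowlists the path parameter, generates the stored name server-side, and serves attachments as downloads with sniffing disabled.

```php
<?php
// Added example, not phpMyFAQ code. Class, directories and parameter handling are
// hypothetical; only standard PHP functions are used.
declare(strict_types=1);

final class UploadPolicy
{
    // Type is decided by server-side sniffing; the stored extension comes from this
    // map, never from the client file name or the client-sent Content-Type.
    private const IMAGE_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    private const MAX_BYTES = 2 * 1024 * 1024;

    public function __construct(private string $imageDir) {}

    /**
     * Store an uploaded category image. $lang is the request parameter the advisory
     * describes as manipulable; it is allowlisted before it touches a path.
     * Returns the server-generated file name.
     */
    public function storeCategoryImage(string $tmpPath, string $lang): string
    {
        if (!preg_match('/^[a-z]{2}(?:-[a-z]{2})?$/', $lang)) {
            throw new InvalidArgumentException('unsupported lang value');
        }
        if (!is_uploaded_file($tmpPath)) {
            throw new RuntimeException('not an uploaded file');
        }
        if (filesize($tmpPath) > self::MAX_BYTES) {
            throw new RuntimeException('upload too large');
        }
        // $_FILES[...]['type'] is whatever the client sent; sniff the bytes instead.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
        if (!isset(self::IMAGE_TYPES[$mime])) {
            throw new RuntimeException('not an allowed image type: ' . $mime);
        }
        // A .php payload with a forged image header still has to decode as an image.
        if (@getimagesize($tmpPath) === false) {
            throw new RuntimeException('not a decodable image');
        }
        $name = bin2hex(random_bytes(16)) . '.' . self::IMAGE_TYPES[$mime];
        $dir  = $this->imageDir . '/' . $lang;
        if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
            throw new RuntimeException('cannot create image directory');
        }
        if (!move_uploaded_file($tmpPath, $dir . '/' . $name)) {
            throw new RuntimeException('cannot store upload');
        }
        return $name;
    }
}

// Serving user-supplied attachments: force a download and forbid MIME sniffing, so an
// HTML or extensionless file containing <script> is never rendered in the site's origin.
function sendAttachment(string $path, string $downloadName): void
{
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $downloadName);
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    header("Content-Security-Policy: default-src 'none'; sandbox");
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

Two caveats for the image path: `getimagesize` does not defeat a polyglot (a valid GIF with PHP in a comment block still decodes), so the decisive controls are the server-chosen extension and an upload directory in which the web server never executes scripts; and the `lang` check must be an allowlist, because any interpolation of a client value into a path reintroduces the traversal the advisory describes.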
PT-2024-2371 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 8.1 and later Description: The issue is related to the lack of protection for the web page structure, allowing an attacker to conduct cross-site scripting (XSS) attacks using specially crafted .html files. An attacker with adm...